How to Hack a Plane at 30,000 ft. Find out how?

Adobe Stock

 IOActive  revealed news that there are cyber security vulnerabilities in Panasonic Avionics In-Flight Entertainment (IFE) systems.

These Panasonic systems are known to be used by a number of major airlines, including Emirates, United, Virgin and American.

The vulnerability was discovered by Ruben Santamarta, principal security consultant at IOActive, and the discovery suggested that hackers could ‘hijack’ passengers’ in-flight displays and, in some instances, potentially access their credit card information.

The research revealed it would also theoretically be possible that such a vulnerability could present an entry point to the wider network, depending on system configurations on the airplane.

According to Santamarta, once an IFE system vulnerabilities have been exploited, the hacker could gain control of what passengers see and hear from their in-flight screen.

Vulnerabilities in on-board components can also create potential entry points to more important functional systems and therefore the risks are much higher.

This new research together with Santamarta’s  previously published work on Satellite Communications (SATCOM) terminals clearly demonstrates that aircraft systems are vulnerable to being hacked. Aircraft’s data networks are divided into four domains, depending on the kind of data they process: passenger entertainment, passenger owned devices, airline information services, and finally aircraft control.

Physical control systems are usually located in the Aircraft Control domain, which should be physically isolated from the passenger domains; however, this doesn’t always happen. This means that as long as there is a physical path that connects both domains, there is potential for attack.

The rising number of connected systems is allowing hackers additional routes into networks and why this exploit is not limited to planes.

In recent research it was demonstrated that most IoT devices can be hacked in less than 3 minutes and it is evident that cyber security solutions need to be more stringent and offer more visibility.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s