Airplanes could be taken over through inflight entertainment systems, hacker claims
Ruben Santamarta, a 32-year-old consultant for cyber security firm IOActive, is expected to present a talk titled “SATCOM Terminals: Hacking by Air, Sea and Land” on Thursday at the annual Black Hat conference in Las Vegas, Nevada, and during it he plans to demonstrate how satellite communications systems used by the likes of commercial airliners and oil rigs alike can be infiltrated by malicious actors and altered to let unauthorized attackers take control.
“We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage. The ability to disrupt, inspect, modify or re-route traffic provides an invaluable opportunity to carry out attacks,” Santamarta says.
According to an abstract of the talk made public by Santamarta, during Thursday’s talk he’ll explain how devices sold by the world’s leading SATCOM vendors contain substantial security flaws. After analyzing those products, IOActive said they determined that “100 percent of the devices could be abused” by an array of attack vectors.
"These devices are wide open. The goal of this talk is to help change that situation," Santamarta told Reuters for a report published on Monday this week.
Santamarta first hinted at his findings in a whitepaper published earlier this year titled “A Wake-up Call for SATCOM Security” in which he wrote that “multiple high risk vulnerabilities were uncovered” in popular SATCOM technologies manufactured and marketed by Harris, Hughes, Cobham, Thuraya, JRC and Iridium. Those vulnerabilities, he wrote, could let hackers take control of SATCOM terminals by gaining access through backdoors or relying on hardcoded credentials that allow anyone with the right log-in to gain administrative access over a device using a master password. In other instances, the SATCOM devices were alleged to use undocumented or insecure protocols, and in others, weak encryption algorithms.
“These vulnerabilities have the potential to allow a malicious actor to intercept, manipulate or block communications, and in some cases, to remotely take control of the physical device,” the paper acknowledged.
“In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it,” reads a description on the Black Hat website.
Jim Finkle, a reporter for Reuters, wrote that the exploits may allow Santamarta or anyone else with the right information to hack the satellite communications used on passenger jets by gaining access through inflight services provided to civilian passengers.
“In theory, a hacker could use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems,” Finkle wrote.
One system at risk, according to the whitepaper, are Harris BGAN terminals commonly used by the military to provide enhanced tactical radio network capabilities in battlefield situations, and “is common within the forces of the North Atlantic Treaty Organization (NATO).”
IOActive believes an attack can use vulnerabilities discovered in that system to inject malicious code into the device’s terminal and then potentially wreak havoc.
“The ability of the victims to communicate vital data or ask for support to perform a counter-attack is limited or even cut off. In the worst-case scenario, loss of lives is possible,” the paper reads.
In another device, the Aviator 700, “IOActive found vulnerabilities an attacker could use to bypass authorization mechanisms in order to access interfaces,” according to the whitepaper, which “…could compromise control of the satellite link channel used by the Future Air Navigation System (FANS), Controller Pilot Data Link Communications (CPDLC) or Aircraft Communications Addressing and Reporting System (ACARS).” According to a 2010 press release, that device was being shipped to enterprise and government maritime customers, and had previously been approved for use by the United States Federal Aviation Administration.
“A malfunction of these subsystems could pose a safety threat for the entire aircraft,” IOActive insists.
According to Reuters, the response from allegedly affected customers has so far been wide ranging.
"We concluded that the risk of compromise is very small,” a spokesperson for Harris told Finkle.
"We have determined that the risk to Iridium subscribers is minimal, but we are taking precautionary measures to safeguard our users,” added a representative for Iridium.
Online, IOActive says they worked with the US government’s CERT Coordination Center to professionally disclose their findings to the companies responsible for products at risk. As of April, though, the company said that, “Unfortunately, except for Iridium, the vendors did not engage in addressing this situation. They did not respond to a series of requests sent by the CERT Coordination Center and/or its partners.”
“The current status of the products IOActive analyzed makes it almost impossible to guarantee the integrity of thousands of SATCOM devices,” the firm added. “Appropriate action to mitigate these vulnerabilities should be taken. Owners and providers should evaluate the network exposure of these devices, implement secure policies, enforce network segmentation, and apply restrictive traffic flow templates (TFT) when possible. Until patches are available, vendors should provide official workarounds in addition to recommended configurations in order to minimize the risk these vulnerabilities pose.”