Slashdot Mirror

← Back to Stories (view on slashdot.org)

Planes Can Be Hacked Via Inflight Wi-fi, Says Researcher

Posted by samzenpus on from the protect-ya-neck dept.

wired_parrot writes In a presentation to be shown Thursday at the Black Hat conference, cybersecurity consultant Ruben Santamarta is expected to outline how planes can be hacked via inflight wi-fi. Representatives of in-flight communication systems confirmed his findings but downplayed the risks, noting that physical access to the hardware would still be needed and only the communication system would be affected.

12 of 151 comments (clear)

  1. yes... by gandhi_2 · · Score: 5, Funny

    ... but only by using Python.

    --
    THL phish sticks
    1. Re:yes... by Anonymous Coward · · Score: 5, Funny

      Get these motherfucking scrips off my motherfucking plane!

  2. So, which is it? by timrod · · Score: 4, Insightful

    Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

    1. Re:So, which is it? by Anonymous Coward · · Score: 4, Funny

      That is what William Shatner thought.

      CAPTCHA: afraid

    2. Re:So, which is it? by Jane+Q.+Public · · Score: 5, Insightful

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

    3. Re:So, which is it? by jittles · · Score: 4, Interesting

      Is it as Ruben Santamarta says, that the plane's satellite communications system can be hacked into via the plane's wifi? Or is it as the manufacturers say, and the hacker would have to have physical access to the hardware and couldn't do much of anything anyway? There's two very different points of view here and I'm not sure how they're supposed to meet up.

      Any airplane manufacturer that is stupid enough to link their passenger wi-fi system to ANYTHING else, deserves to get a few planes stuffed into the ground. Same with auto companies. If true, the whole thing is about as lamebrained as it gets.

      Volkswagen hooks up their audio systems to the CANBUS on cars. Those audio systems may have bluetooth enabled. This may allow a hacker to get onto the CANBUS via BT. I haven't tried, but it's definitely something that one could attempt. Other manufacturers do this also, such as GM and Chevy.

    4. Re:So, which is it? by geekoid · · Score: 4, Insightful

      Yes, hundreds of people 'deserve' to die. It certainly not the person doing the attacks fault at all.
      Idiot.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    5. Re:So, which is it? by Jane+Q.+Public · · Score: 3, Interesting

      Other manufacturers do this also, such as GM and Chevy.

      Yes, that was my understanding as well. And that was my point. It just doesn't look very smart, from where I sit.

      In my view (which I would be happy to review and modify if someone has a better idea), you have 3 basic systems in a modern automobile. In order of importance: [1] critical control and feedback, [2] internal environment, and [3] entertainment.

      [1] and [2] should have strictly limited communication, if any. [2] and [3] should probably have none, and [1] and [3] should not communicate at all under any circumstances.

    6. Re:So, which is it? by boaworm · · Score: 3, Informative

      For the "navigation" systems, he's not talking about GPS (even if he were it wouldn't be a big deal, airplanes can navigate just fine without GPS), but the communication system does send the GPS location, altitude, and speed back home. If that goes down, not a big deal because that's not what air traffic control relies on.

      More and more aircraft and ATC centers support ADS-B transponders and data, which include a GPS-derived position (altitude + position) messages as a part of System Tracking (you can check out Eurocontrols Asterix cat62 protocol and ADS-B applications). Older MSSR radars will provide you with a rough estimate of the position and an assumed altitude based on the aircrafts built-in systems, which is being tracked using for example Kalman filters to predict the current and future position. Switching over to GPS as the primary source of positioning data is allowing tighter packing of aircraft (reduced horizontal and vertical separation rules), which is becoming critical for congested airports to reduce the time between takeoffs/landings, as well as to keep aircraft in holding patters packed tighter together.

      Also, ADS-B can be sent as frequently as 1 message/second due to signals going down towards earth rather than in all directions. Current MSSR radars usually have a scan time of 5-12 seconds.

      So interruptions with these data links (say someone hacks into it and manages to shut it down) would lead to the ATC center having to fall back on MSSR Tracking, meaning you will be violating horizontal and vertical separation rules until the controller can create more space around the aircraft again.

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
  3. No they cant. by Lumpy · · Score: 5, Insightful

    They did not get into the aircraft avionics.

    They got into the satellite communications for the Infotainment system.

    NONE of the systems like that have any interconnection to avionics or telemetry.

    --
    Do not look at laser with remaining good eye.
    1. Re:No they cant. by 93+Escort+Wagon · · Score: 3, Funny

      ahh... so just all the passenger data can be hijacked.
      nothing to worry about here.

      Google and the NSA are worried... about someone else encroaching on their turf.

      --
      #DeleteChrome
  4. there IS a connection by dltaylor · · Score: 5, Insightful

    I used to work for one of the In-Flight Entertainment (IFE) vendors. Although their "architect" was clueless about security, some of us doing the work managed to build some into the system. With WiFi, it was harder, but, before I left, we had, at least, set up some VPNs to isolate the system control links from the cabin crew- and customer-access features (don't know if that persisted). The entire IFE did rely on hard-coded passwords, though.

    There IS a connection between the IFE and aircraft systems. It is used to feed aircraft position and speed data, plus some useful state, such as wheels up/down (there are features that only enabled while in "cruise", but not during takeoff and landing, for example). The aircraft systems designers, however, seemed to have a clue about security, however, as we were only allowed a network connection to a slave server with no apparent upstream links.