Hacker: Inflight WiFi & Entertainment Systems Leave Planes Vulnerable To Cyber Attack

Hoping to shake the airline industry into improving the security of its onboard networks, a hacker and cybersecurity expert will soon present his report on how the inflight WiFi and passenger entertainment systems leave the door open to someone who wants to breach a plane’s satellite communications equipment.

Ruben Santamarta will be presenting his research later this week at a conference in Las Vegas, but he’s given Reuters a sneak peek of what he’ll be talking about.

According to Santamarta, he has been able to demonstrate — in a controlled, simulated environment — that he can breach the firmware of avionics equipment from several manufacturers, potentially wreaking havoc on a plane’s communications and navigations systems.

He released a report earlier this year detailing firmware bugs in these devices, but it did not go into the detail expected from the presentation scheduled for this Thursday.

Reps for some of the manufacturers mentioned in the research have attempted to downplay Santamarta’s claims since the release of his initial report in April, saying there is minimal risk. Some say it’s impossible for a hacker to access their equipment over the WiFi network and that a hacker would need physical access to the equipment.

Santamarta has not yet tested his theory in a real-world setting, and admits to Reuters that it may be more difficult to pull off.

A member of the conference review board tells Reuters that it’s still to be seen whether a cyberattack could be launched via a plane’s inflight entertainment system, but the goal of the research is to highlight potential problems so they can be fixed.

“The core point is the type of vulnerabilities he discovered are pretty scary,” he explains, “just because they involve very basic security things that vendors should already be aware of.”

“These devices are wide open,” adds Santamarta. “The goal of this talk is to help change that situation.”