Categories: Security

Security Hole Could Let Hackers Take Control Of Planes

A security flaw in the Panasonic Avionics in-flight entertainment system could enable hackers to take control of a plane when it is in the air, according to researchers at IO Active.

The system, which is used by 13 major airlines including the likes of Emirates, Virgin and Qatar, contains a hole through which hackers could access the plane’s controls, disrupting the flight and potentially putting passenger’s safety and information at risk.

Ruben Santamarta, principal security consultant at IOActive, discovered the problem and was able to  control the cabin lighting, access the announcement system and “hijack” in-flight displays to change information such as altitude and location. He also managed to access the credit card details of frequent fliers and believes it would be possible to access the aircraft’s controls.

“Totally feasible”

“Chained together this could be an unsettling experience for passengers,” Santamarta said. “I don’t believe these systems can resist solid attacks from skilled malicious actors,” he said. “This only depends on the attacker’s determination and intentions, from a technical perspective it’s totally feasible.”

Santamarta warned that airlines should be “incredibly vigilant” when it comes to the segregation of in-flight systems, as this will significantly impact the amount of damage a hacker could inflict.

Panasonic has reportedly known about the vulnerabilities for some time and Emirates has assured that it regularly works with Panasonic to update its systems, saying: “The safety of our passengers and crew on board is a priority and will not be compromised.”

This isn’t the first time hackers have targeted airlines and last year the US Government Accountability Office warned that in-flight Wi-Fi could be used by terrorists or other hackers to take control of an aircraft’s avionic systems.

And it’s looking like security is set to become even more complicated for airlines. This year alone we’ve seen Lufthansa start offering in-flight Wi-Fi on its short and medium-haul routes, iPass Wi-Fi hotspots become available on 2,700 aircraft and British Airways sign a new deal with satellite broadband operator Gogo.

UPDATE: Panasonic has issued a statement accusing IOActive of making “misleading and inflammatory statements” and “unfounded, unproven conclusions.”

The company strongly denies many of the findings made by Santamarta, saying: “The conclusions suggested by IOActive to the press are not based on any actual findings or facts. The implied potential impacts should be interpreted as theoretical at best, sensationalising at worst, and absolutely not justified by any hypothetical vulnerability findings discovered by IOActive.

“IOActive, in statements to the press, inappropriately mixed a discussion of hypothetical vulnerabilities inherent to all aircraft electronics systems with specific findings regarding Panasonic’s systems, creating a highly misleading impression that Panasonic’s systems have been found to be a source of insecurity to aircraft operation.”

Think you know about hacking and viruses? Take our quiz and find out!

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

23 hours ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

23 hours ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

2 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

2 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

2 days ago