Satellite Wi-Fi Vulnerabilities Could Be Used To Hack Aircraft Says Researcher

Security researcher Ruben Santamarta has claimed it is possible to compromise the internal systems of ships and aircraft, including passenger planes, using the vulnerabilities in on-board satellite broadband communications equipment.

Santamarta says he analysed hardware from leading Satellite Communications (SATCOM) vendors and found that “100 percent of the devices could be abused”.

The researcher will demonstrate his reverse-engineering techniques at the Black Hat USA conference in Las Vegas later this week. He told Reuters he hopes the presentation will serve as a wake-up call for the industry.

“These devices are wide open. The goal of this talk is to help change that situation,” said Santamarta.

Bad firmware

Santamarta is a principal security consultant at IOActive. He has been working in this field for more than ten years and is responsible for uncovering dozens of vulnerabilities in commercial hardware, with a special focus on industrial control systems. On his blog, the researcher jokes that one of his objectives is to hack into the Large Hadron Collider and blow up the world.

For this year’s Black Hat, he started with something a bit more modest: after reverse-engineering popular SATCOM firmware from manufacturers like Cobham and Iridium, Santamarta found it full of backdoors, hardcoded credentials, undocumented or insecure protocols and weak encryption algorithms.

All of these vulnerabilities could allow an attacker to compromise the affected products, and potentially interfere with essential navigation and safety systems of the ship or a plane.

“In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it,” wrote the researcher on the Black Hat website.

These vulnerabilities could affect not just transport but any field which relies on SATCOM equipment, including military installations, emergency services, media services, and industrial facilities.

Santamarta will explain his methods for discovering such software flaws and run a live demo at Black Hat on Thursday. So far, the SATCOM industry has downplayed the risks posed by unsecured firmware, but the talk is expected to reveal the level of technical details that has never been published before.

Last month, Black Hat announced it was cancelling the hotly anticipated presentation on identifying Tor users “on a budget”, since the researchers from Carnegie Mellon university did not receive permission to publish the materials developed at the government-funded Software Engineering Institute (SEI).

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Amazon Drivers Risk Increasing Number Of Injuries

Study shows that nearly one in five Amazon delivery drivers suffered injuries in 2021- again…

51 mins ago

Nokia CEO Predicts 2030 Arrival For 6G, But Not On Smartphone

Nokia CEO Pekka Lundmark offers his predictions as to arrival of 6G connectivity in this…

5 hours ago

Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

Four years later, and Washington DC Attorney General decides to sue Mark Zuckerberg personally over…

6 hours ago

Global Digital Tax Law Not Ready Until 2024, Says OECD

Corporation tax delay. Rollout of 15 percent tax agreement for big name corporations only likely…

10 hours ago

Silicon UK In Focus Podcast: The Future of SaaS

How has Saas become an essential component of a successful business? The importance of a…

11 hours ago