Hacker Says He Can Break Into Airplane Systems Using In-Flight Wi-Fi

NoHeat · Aug 4, 2014

http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804

excerpts:

"Cyber security researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems "

"One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of "hardcoded" log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password. "

AggieMike88 · Aug 4, 2014

[tinfoilhat]Funny how it's close in the timeline for this TV show....

http://www.imdb.com/title/tt3514324/ [/tinfoilhat]

cyclepro · Aug 4, 2014

There will always be a way to hack any electronics.

The only problem with hacking a jet is there are manual over rides for things like that. Just turn off auto pilot and they can't control much.

JHW · Aug 4, 2014

nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

bnt83 · Aug 4, 2014

NoHeat said:
http://www.reuters.com/article/2014/08/04/us-cybersecurity-hackers-airplanes-idUSKBN0G40WQ20140804

excerpts:

"Cyber security researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems "

"One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of "hardcoded" log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password. "

Hacking into a satcom seems about as dangerous as making a phone call on a train.

bnt83 · Aug 4, 2014

JHW said:
nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

Exactly. The idea you can access FMS or ADC maintenance functions through cabin entertainment & communication systems is laughable. This seems like nothing but scare tactic nonsense.

mikea · Aug 4, 2014

*Cough* Bullsh*!

pete480 · Aug 4, 2014

JHW said:
nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

That's exactly what I thought after reading that headline.

us AAirways · Aug 4, 2014

Bring back the DC-9s!

cowman · Aug 4, 2014

I was about to say if that's true, who is the colossal idiot of an engineer who allowed those systems to be connected at all?

Bob Noel · Aug 4, 2014

ok, maybe maybe maybe this guy can get into the satcom system (but there are easier ways to do it), but how is he going to get into safety critical avionics? This isn't "The Net" or "The Matrix"...

mkosmo · Aug 4, 2014

cowman said:
I was about to say if that's true, who is the colossal idiot of an engineer who allowed those systems to be connected at all?

I can speak to one specific aircraft system that I know has cockpit and cabin systems physically separated except for their power source and a one-way bus to feed aircraft location to the cabin seat backs.

jesse · Aug 4, 2014

JHW said:
nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

cowman said:
I was about to say if that's true, who is the colossal idiot of an engineer who allowed those systems to be connected at all?

Never underestimate the stupidity of a software engineer.

signed,

a software engineer

Henning · Aug 5, 2014

JHW said:
nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

I think it maybe that he is getting into the maintenance link through the satellite by getting into the company's maint server through the wifi onboard. IOW it's not a direct link.

JimNtexas · Aug 5, 2014

It's not beyond the realm of possibility that the airplane's wifi access point may have a vulnerability that could expose some interface to the wifi's satcom receiver.

Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta's research and confirmed some of his findings, but downplayed the risks.

However, this statement is just click bait:

n theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

N53KL · Aug 7, 2014

One word: BULLSH*T

Silvaire · Aug 8, 2014

Wi-Fi is it's own system with it's own ridiculously enormous antenna mounted on top of the fuselage. It is not connected or interfaced in any way with Sat-Com or any other aircraft system.

bnt83 · Aug 8, 2014

Silvaire said:
Wi-Fi is it's own system with it's own ridiculously enormous antenna mounted on top of the fuselage. It is not connected or interfaced in any way with Sat-Com or any other aircraft system.

Not quite.

WiFi/WLAN doesn't even necessarily need separate antennas. The routers I'm familiar with have built in antennas but often the box is mounted in a location where they provide inadequate signal. In that case remote antennas are mounted in the cabin sidewalls connected to the router via coax.

The router provides the WiFi/WLAN interface for wireless devices to the rest of the cabin entertainment system. It also receives altitude information from the FMS to determine when to enable or disable the WiFi/WLAN (10k feet required). Then on top of that there is usually a master switch in the cockpit allowing the flight crew to disable WiFi/WLAN at any time.

So now you have wireless router which is essentially useless as you don't have squat yet. The router can be connected to satellite datalink (Satcom) or an air-ground datalink to actually get voice and broadband internet access through the router.

Many many aircraft don't have any type of Satcom since the subscription rates are super spendy however the air-ground based broadband internet only works over countries that have the ground based towers. If you never fly outside the USA it's not really economical to do everything via satellite.

About the only other cabin entertainment device that is interfaced with the FMS is moving map boxes. These need position/altitude/speed data to plot the aircraft's progress on a map that can be displayed on cabin monitors.

If you are hacking the router, yes there is a maintenance/setup page within that router just like the wireless router in my apartment. Not much to see in there.

bnt83 · Aug 8, 2014

Henning said:
I think it maybe that he is getting into the maintenance link through the satellite by getting into the company's maint server through the wifi onboard. IOW it's not a direct link.

That's not even close to how I read this:

In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

The satcom antenna system has nothing to do with the FMS sensors.

Basically its a pile of bull****.

SkyHog · Aug 8, 2014

It would not surprise me in the least that the airlines are stupid enough to put their FMS onto the same network as the in flight entertainment. I'd bet, if it were accurate, that some genius decided that he wanted to get GPS information for the fancy in flight location piece, and instead of using normal tracking methods (that is, using internet connections to FlightAware or something similar), he could pull it directly from the FMS....

Henning · Aug 8, 2014

bnt83 said:
That's not even close to how I read this:

In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.

The satcom antenna system has nothing to do with the FMS sensors.

Basically its a pile of bull****.

Correct, what you read there is complete BS, however you are assuming accurate reporting. Since some people have taken a look at this with some interest, I am just trying to figure out what may have really happened for him to access the onboard systems. I was looking at a route that reality may support since maint servers on the ground can access some ships in flight. Never assume what gets reported is either 100% correct or 100% bull****.

bnt83 · Aug 8, 2014

Henning said:
Correct, what you read there is complete BS, however you are assuming accurate reporting. Since some people have taken a look at this with some interest, I am just trying to figure out what may have really happened for him to access the onboard systems. I was looking at a route that reality may support since maint servers on the ground can access some ships in flight. Never assume what gets reported is either 100% correct or 100% bull****.

I'd say any given news report is about 65% accurate. Every article ever written about me says something slightly different, even when you give the reporter a facts cheat sheet...

PPC1052 · Aug 8, 2014

mikea said:
*Cough* Bullsh*!

"I once say him beat up a guy with a starfish."

Silvaire · Aug 8, 2014

bnt83 said:
Not quite.

WiFi/WLAN doesn't even necessarily need separate antennas. The routers I'm familiar with have built in antennas but often the box is mounted in a location where they provide inadequate signal. In that case remote antennas are mounted in the cabin sidewalls connected to the router via coax....

Depending on the aircraft there are a number of WAP's (Wireless Access Points) in the cabin but I was talking about the Sat-link antenna.

bnt83 said:
...It also receives altitude information from the FMS to determine when to enable or disable the WiFi/WLAN (10k feet required). Then on top of that there is usually a master switch in the cockpit allowing the flight crew to disable WiFi/WLAN at any time...

It receives a discrete signal, a 1 or a 0, it has no idea what the altitude of the aircraft is. Same for the "Master" switch, no interface with any other aircraft system.

My experience is with the Panasonic system. Others may be different but having been involved with the prototype installations on a number of aircraft I can pretty much guarantee you that none of them have even the remotest imaginable interface with an FMC or AP/FD.

FWTxPilot · Aug 8, 2014

JHW said:
nice headline, but are we really supposed to believe the seatback entertainment is connected to the FMS ? What can he really do, select a chick flick instead of sports for you to watch ?

Hacker Says He Can Break Into Airplane Systems Using In-Flight Wi-Fi

Final Approach

Touchdown! Greaser!

Pre-Flight

En-Route

Final Approach

Final Approach

Touchdown! Greaser!

Pre-takeoff checklist

Line Up and Wait

Final Approach

Touchdown! Greaser!

Pattern Altitude

Touchdown! Greaser!

Taxi to Parking

Pattern Altitude

Pre-takeoff checklist

En-Route

Final Approach

Final Approach

Touchdown! Greaser!

Taxi to Parking

Final Approach

Final Approach

En-Route

Pre-Flight