Two years ago, a group at Las Vegas' annual hacker convention announced it could break into air traffic control systems.
At this year's Black Hat convention, a cybersecurity consultant, Ruben Santamarta, will discuss how he went even further: by showing it's possible to interfere with an airplane's navigation and safety systems — while on the plane and in the air — using the plane's own Wi-Fi and in-flight entertainment systems. As Reuters reports:
Santamarta published a 25-page research report in April that detailed what he said were multiple bugs in firmware used in satellite communications equipment made by Cobham, Harris, Hughes, Iridium and Japan Radio Co for a wide variety of industries, including aerospace, military, maritime transportation, energy and communications.
The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat.
The manufacturers say the risk of break-ins is very small, but, according to Reuters, Santamarta says simple steps can be taken to make the systems more secure: "One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of 'hardcoded' log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password."
Other topics on tap for the Black Hat convention this week include an ad network data link that can let hackers take over Android phones; how Microsoft administrator tools can be used for nefarious purposes; uncorrected security gaps during desktop computers' boot-up processes; and the potential threat of hacks in computers' USB peripherals.