In-Flight Airplanes Can Now Be Hacked from the Ground, Cyber Expert Warns

Researcher Ruben Santamarta is set to demonstrate how to tamper with planes via satellite communication (SATCOM) technology. iStock

A security researcher is set to prove how security weaknesses in satellite communication (SATCOM) technology exposed "some of the largest airlines in the U.S. and Europe" to hackers and could be exploited by adversaries to reveal NATO bases in conflict zones.

Building on research first published in 2014, Ruben Santamarta, an expert at cybersecurity company IO/Active, will tell attendees at 2018's BlackHat hacker conference in August how "entire fleets" of airplanes were left accessible from the internet, leaving hundreds of in-flight craft at risk. His talk, using the same name as a previous research report, is titled "Last Call for SATCOM Security."

Santamarta says that he has now proven his previous theories—which suggested ships, aircraft, military personnel, emergency services, media, and industrial facilities were all vulnerable—and is now able to demonstrate exactly how a plane's WiFi network can be tampered with from the land below.

"As far as I know I will be the first researcher that will demonstrate that it's possible to hack into communications devices on an in-flight aircraft…from the ground," he told Dark Reading this week. "We also managed to get access to important communications devices in the aircraft," he added.

While I/O Active, already well-known in cybersecurity circles for experiments in car hacking, has attempted to report all the potential bugs to impacted companies, the researcher has acknowledged that a number of "significant vulnerabilities" are still exploitable. None of his analysis put lives at risk, but he said the bugs in some SATCOM devices "could be used to perform cyber-physical" attacks.

"This has to be explained carefully, and we've got all the technical details backing our claim. It's not an apocalypse, but basically there are some scenarios that are possible," he told DarkReading, adding that he will show SATCOM devices being weaponized by leveraging the security flaws.

A brief tease on the BlackHat website says his 2014 hypotheses will be taken into real-world territory. "We will go one step further and demonstrate how to turn compromised SATCOM devices into RF weapons," it reads. "This talk will cover new areas on the topic, such as reverse engineering, Radio Frequency (RF), SATCOM, embedded security, and transportation safety and security."

Until last year, the notion of effective plane hacking was largely believed to be purely theoretical. But as noted by Aviation Today last November, the U.S. Department of Homeland Security (DHS) reconsidered this approach after its cyber experts remotely breached the defenses of a Boeing 757 commercial plane.

Robert Hickey, aviation program manager at the agency's Science and Technology Directorate, said during a security conference in Virginia that much of his work remains classified, but revealed it didn't take long to develop a working hacking exploit. "We got the airplane on Sept. 19, 2016," he said. "Two days later, I was successful in accomplishing a remote, non-cooperative, penetration." Hickey confirmed that his team broke through the network using "radio frequency communications."

While the research was alarming, showing how future terrorists could take over planes using technology alone, Boeing stressed at the time there was "no hack of the airplane's flight control systems."

Back in 2015, a cybersecurity researcher called Chris Roberts hit the headlines after he told FBI investigators that he had broken into various in-flight entertainment systems more than a dozen times between 2011 and 2014, claiming to be aware of bugs in Boeing and Airbus craft. As noted by Wired, a warrant application suggested that he was able to make a plane briefly alter its course.

Roberts said that his tweet that was brought to the attention of the FBI while he was on a United Airlines flight was meant as a joke, Wired reported. He was arrested while carrying "nasty" hacking malware but, ultimately, no charges were filed and his seized equipment was returned.

Santamarta has been warning of the hacking risks for years. "We live in a world where an ever-increasing stream of digital data is flowing between continents," his 2014 paper read. "It is clear that those who control communications traffic have an upper-hand. The ability to disrupt, inspect, modify, or re-route traffic provides an…opportunity to carry perform surveillance or conduct cyberattacks."

He added: "When it comes to security, it is no longer acceptable to rely on perceptions."