Terrorists and other bad guys could easily seize control of aircraft and disrupt their operations via hacking, a leading security researcher has discovered.
Ruben Santamarta of security firm IOActive discovered that the SATCOM (satellite communications) devices which planes use to navigate and communicate with the ground are easy to hack.
“These devices are wide open,” Santamarta told Reuters.
The security consultant was able to hack into SATCOM devices by back engineering the firmware or software that controls them.
It would be possible to take over an airplane’s radio communications via the craft’s Wi-Fi, Santamarta told an audience at the Black Hat security conference in Las Vegas. Santamarta even showed members of the audience how to upload malware into a plane’s systems via Wi-Fi.
Among other things, the malware could steal passwords that would give hackers access to sensitive systems such as autopilot.
“We’re not crashing airplanes,” Santamarta said. “That said, with this attack one can be used to disrupt or modify satellite data links and there are several comm channels in an aircraft that rely on satellite comms.”
Others, though, believe it is possible to crash an airplane remotely. Sally Leivesley, a former scientific adviser in Britain’s Home Office, told the UK Sunday Express that MH370 may have been brought down via a “cyber attack.”
“It is looking more and more likely that the control of some systems was taken over in a deceptive manner, either manually, so someone sitting in a seat overriding the autopilot, or via a remote device turning off or overwhelming the systems,” she said.
“A mobile phone could have been used to do so, or a USB stick,”
How It Could Be Done
In a white paper, IOActive’s experts said the “vulnerabilities have the potential to allow a malicious actor to intercept, manipulate, or block communications, and in some cases, to remotely take control of the physical device.”
Santamarta’s research indicates that it would be fairly easy to insert malware into an airplane’s electronics via SATCOM and Wi-Fi hacking. One scenario could be to fool an aircrew into thinking that the plane was going one way, when it in fact was going a different direction, leading to it running out of fuel and crashing.
Some malware can cause machines to malfunction. The infamous Stuxnet worm caused machines in nuclear factories in Iran to malfunction in 2010.
Ships And Boats Also Vulnerable
It’s not just planes that could be vulnerable to SATCOM hacking, Santamarta discovered. He found that it was just as easy to hack SATCOM devices that ships use to navigate.
“In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it,” Santamarta said.
One possible use for such hacking would be for terrorists to send a freighter or an oil tanker off course, creating a major oil spill by steering a tanker into a reef or the wrong stretch of ocean. Another would be for pirates to locate ships in order to seize them.
Santamarta said manufacturers of SATCOM equipment are not doing enough to protect their devices from hackers.
Do you believe it is possible to hack into and control an airplane, remotely? Share your thoughts in the section below: