Santamarta claims that the satellite communications on most commercial aircraft are not secured and can easily be broken into. The culprit? Our old friend, hard-coded credentials. Santamarta said he found evidence of hard-coded login credentials in the firmware of products made by Cobham, Harris Corp, Japan Radio, Iridium Communications and even Hughes Network Systems.
As hackers move into more hardware-based vectors (firmware hacking is a trend, but not a new one), the problems of hard-coded passwords embedded in devices are showing. Originally there was not much someone could do with the firmware on a device. You could write zeroes to it or perhaps insert small code that could reinfect a system, but not much more. Now that firmware is really an embedded OS with much greater functionality, this is changing.
We have talked about this rather large flaw before, and about the troubling ease with which firmware can be compromised. We did not expect to hear that systems in something like a commercial aircraft would have these flaws as well.
According to Santamarta, the level of access you would have could allow you to disrupt the operation of the plane by messing with avionics, or even disrupting the information being sent to the plane.
This is not the first hack thrown at commercial aircraft. Earlier this year Hugo Teso, a commercial pilot and security researcher, showed off how easily he could get into the flight control systems of an aircraft and send them incorrect information. With this he was able to steer the aircraft away from its real course while making the pilots onboard think they were going in the right direction.
All of this is very concerning and again brings up the point that manufacturers need to move away from the current practice of believing no one will think of this or that. Instead, they need to start looking at security from the viewpoint that attackers WILL think of that, and harden the systems that they are putting out and that we rely on to travel safely.