It sounds incredible: the ability to tap into a commercial airliner’s on-board systems as it flies thousands of meters over head. But a cyber expert is telling a security conference he’s managed to do just that — hundreds of times.
The Black Hat cybersecurity conference currently being held in Las Vegas brings together a variety of experts to discuss the risks, pitfalls — and locations — of flaws in computer networks.
Ruben Santamara of IOActive, reports Forbes, has found a doozy.
He’s found a weakness in the satellite communications network which provides aircraft with a wide variety of services — from passenger Wi-Fi through to weather forecasts.
He says that, had he been inclined, he could peek into every connected phone, tablet or laptop on planes streaming overhead. And he did this by tapping into the antennas beaming data direct at each aircraft.
While commercial airliner on-board systems remained out of his direct reach, Santamara warns the access he gained gave him the hypothetical power to damage specific parts of an aircraft as satellite communications technology allowed the transfer of energy via radio frequencies.
This could potentially cause burns or damage sensitive equipment, he said.
Forbes reports the cybersecurity expert as saying the satellite-link flaws enabled him to tap into cargo ships and oil tankers. He says it also gave him the ability to track the location of supposedly Top Secret military bases.
Santamara says he’s reported his findings to relevant airlines, satellite operators and government agencies. Some exploits, he says, remain open.
“I think there are still [open] attack vectors,” he told Forbes, warning the weaknesses will not be easy to fix. “In certain cases it’s more of a design issue. It’s not going to be easy.”
WAS MH370 VULNERABLE
The mystery surrounding the strange behaviour of Malaysia Airlines MH370 has led some to speculate the Boeing 777 had been ‘hacked’, allowing someone to remotely shut down its systems and guide it out to sea.
The Malaysian Government’s independent report, issued last month, dismisses this as a possibility.
Dr. Kok Soo Chon reiterated several times in this afternoon’s press conference that “unlawful interference” could not be ruled out.
“We can also not exclude the possibility that there’s unlawful interference by a third party,” Dr. Chon said.
“We cannot deny that there was a turn back. We are not ruling out any possibility.
“(But) we are not of the opinion it could be an event committed by the pilot.”
He said systems were disabled. And deliberate acts taken.
“It is possible that the absence of communications prior to flight path diversion was due to the systems being manually turned off, whether with intent or otherwise,” he said.
“We cannot establish if the aircraft was flown by anyone other than the pilot,” he admitted. “We can also not exclude the possibility that there’s unlawful interference by a third party.”
But this did not include remote hacking.
“There is no evidence to support the belief that control of the aircraft 9M-MRO (operating as MH370) could have been or was taken over remotely as the (necessary) technology was not implemented on commercial aircraft,” he said.
This story originally appeared in news.com.au.