A cybersecurity researcher was able to peek into hundreds of aircraft flying in the air, operated by some of the biggest airlines in the world, by hacking satellite equipment that put all but the safety systems of the plane at risk.
Ruben Santamarta was speaking at the Black Hat conference when he revealed he had the means to hack onboard systems, snoop in on onboard Wi-Fi and carry out surveillance on all connected devices if he were so inclined. The vulnerabilities are specifically centered with the satellite communications equipment used to beam data to the aircrafts and its internal modems, Forbes reports.
Southwest and Norwegian Airlines were specifically named by the researcher to contain the vulnerable kit. A Southwest spokesperson confirmed it had already learned of the vulnerabilities via the U.S. government’s emergency response team US-CERT, ultimately leading to fixes in December.
Notably all of this data and the equipment itself could be exploited remotely from the ground, turning them into “radio frequency weapons” according to Santamarta himself.
Radio frequency attacks, it must be said, can be used to cause physical harm to electronics and even individuals. Since satellite communications can transfer energy over radio frequencies, it is theoretically possible to cause physical damage to systems by focusing that energy to targeted areas of the aircraft, even leading to physical burns to a person if the radio frequencies were powerful enough.
It has to be stated again that the planes’ safety systems weren’t a hacking risk due to the ways a modern aircraft is wired.
While several of the vulnerabilities have been fixed by software vendors, Santamarta fears for exploits through loopholes that could lead to aircraft hacks from the ground.
“I think there are still [open] attack vectors…In certain cases it’s more of a design issue. It’s not going to be easy.”