Next time when you hear an announcement in the flight, “Ladies and gentlemen, this is your captain speaking…,” the chances are that the announcement is coming from a hacker controlling your flight.
Dangerous vulnerabilities in an in-flight entertainment system used by the leading airlines, including Emirates, United, American Airlines, Virgin, and Qatar, could let hackers hijack several flight systems and even take control of the plane.
The security holes could be exploited by hackers that could allow them to spoof flight information like map routes, speed statistics, and altitude values, and steal credit card information.
IOActive’s Ruben Santamarta managed to “hijack” in-flight displays to change information like altitude and location, control the cabin lighting, as well as hack into the announcements system.
“Chained together this could be an unsettling experience for passengers,” said Santamarta. “I don’t believe these systems can resist solid attacks from skilled malicious actors. This only depends on the attacker’s determination and intentions, from a technical perspective it’s totally feasible.”
Besides these critical issues, the researcher said in some instances; hackers could access credit card details of passengers stored in the automatic payment system and use their frequent flyer membership details to capture personal data.
The vulnerabilities affect 13 different airlines that use Panasonic Avionics system, which include American Airlines, United, Virgin, Emirates, Etihad, Qatar, FinnAir, KLM, Iberia, Scandinavian, Air France, Singapore, and Aerolineas Argentinas.
The vulnerabilities were reported to Panasonic in March last year, and the researcher waited more than a year and a half to go public, so the company had “enough time to produce and deploy patches, at least for the most prominent vulnerabilities.”
Emirates is working with Panasonic to resolve these issues and regularly update its systems. “The safety of our passengers and crew on board is a priority and will not be compromised,” Emirates said, reported the Telegraph.
Santamarta is the same researcher who warned of security issues in systems used by different aircraft in the past.
Back in 2014, he discovered that it was possible to reverse engineer a bug, which let him connect to the Wi-Fi signal or the in-flight entertainment system to connect to airplanes’ equipment, including the navigation system.
For in-depth technical details about the new vulnerabilities discovered by Santamarta, you can head on to IOActive’s official blog post published today.