Researchers say in-flight entertainment system flaws could allow hackers to control a plane

midian182


Researchers have discovered flaws in Panasonic’s in-flight entertainment system that could grant hackers access to a plane’s passenger displays, cabin lighting, and PA system. In some cases, they could even hijack an aircraft’s controls.

IOActive’s Ruben Santamarta found the vulnerabilities in the Panasonic Avionics system, which is currently found in planes from 13 different airlines: United, American Airlines, Virgin, Emirates, Etihad, Finnair, KLM, Iberia, Qatar, Scandinavian, Singapore, Aerolineas Argentinas, and Air France.

Worryingly, it was discovered that the security issues could theoretically act as an access point to the plane's wider network, including the aircraft’s controls.  

“I discovered I could access debug codes directly from a Panasonic inflight display,” said Santamarta. “A subsequent internet search allowed me to discover hundreds of publicly available firmware updates for multiple major airlines, which was quite alarming. Upon analyzing backend source code for these airlines and reverse engineering the main binary, I’ve found several interesting functionalities and exploits.”

Hackers could scare passengers by altering what they see on their in-flight screens, such as altitude and flight path. They could also manipulate the cabin’s lights and the recliners in the first-class seats, send out messages over the PA system, and potentially steal credit card details from frequent flyers/VIP members.

Taking over a plane’s controls is, of course, the worst case scenario. Santamarta said that the Aircraft Control domain should always be physically isolated from the passenger entertainment domains, but this doesn’t always happen. He stressed that the airlines should be "incredibly vigilant" when it comes to segregating in-flight systems.

IOActive reported the flaws to Panasonic Avionics back in March 2015. The researchers waited this long to go public so the company had “enough time to produce and deploy patches, at least for the most prominent vulnerabilities.”

IOActive has been down this path before. The consultancy group hit the headlines a few years ago when it was able to take control of a Jeep Cherokee’s primary functions by remotely accessing its infotainment system.

Taking control of a plane’s controls from a passenger seat may sound unlikely, but Santamarta is convinced that it is possible. "I don't believe these systems can resist solid attacks from skilled malicious actors," he said. "This only depends on the attacker's determination and intentions, from a technical perspective it's totally feasible." 


 
Didn't a security researcher do this and live-update Twitter while doing it, only to get dragged off the American Airlines flight by the FBI upon landing? Anyone know what happened to him?

I remember he used a port found under the plane's seat and intercepted the cockpit's messages to the wing flaps. Scary stuff that security holes/breaches like this exist.
 
I'd like to play around with that, plug in my joystick and have some real fun. It would be far more entertaining than just watching some boring old in-flight show.
 
IMO, the report is FUD, shock and awe. What avionics designer would even consider this interconnection? OMG if the rationale is "to allow new movie downloads". I'm highly doubtful of the credibility of the report.
 
Why the heck is the passenger entertainment system even connected to the plane's system!? That should be hack prevention 101 right there.

I think it has to do with showing the passengers the altitude and flight path; similar to the infotainment systems in cars connected to the car's controllers so that the radio volume increases as the car speeds up or the warning sounds keep up with the radio volume.
 
Why the heck is the passenger entertainment system even connected to the plane's system!? That should be hack prevention 101 right there.
Almost exactly what I said but I used the dreaded caps so got deleted. Didn't even know that was a reason for deletion, ha :D
 
I think it has to do with showing the passengers the altitude and flight path; similar to the infotainment systems in cars connected to the car's controllers so that the radio volume increases as the car speeds up or the warning sounds keep up with the radio volume.
That information should be transmitted between systems without them sharing any other connectivity. Probably a cost-cutting exercise, hosting them on the same internal hardware onboard.
 
Why the heck is the passenger entertainment system even connected to the plane's system!? That should be hack prevention 101 right there.

I think it has to do with showing the passengers the altitude and flight path; similar to the infotainment systems in cars connected to the car's controllers so that the radio volume increases as the car speeds up or the warning sounds keep up with the radio volume.

Data diodes exist, and have done so for several decades. They allow transmission in only one direction.
 
Data diodes exist, and have done so for several decades. They allow transmission in only one direction.

Yep, even in one direction they're still connected, my point is still valid. If communication is actually bidirectional and thus the safety concern, that's another matter, I'm not taking a side here; I just answered the question of why that connection is present.
 