Plane Wi-Fi Vulnerable to be Hacked
A cyber-security researcher will this week show just how a commercial passenger planes can be hacked using their own Wi-Fi and in-flight entertainment networks.Reuters

A cyber-security researcher says he will this week show just how commercial passenger planes can be hacked using their own Wi-Fi and in-flight entertainment networks.

Researcher Ruben Santamarta will reveal just how this is possible in a live demonstration at the Black Hat hacker in Las Vegas conference on Thursday.

Santamarta's talk, called "Satcom Terminals: Hacking by Air, Sea, and Land" focuses on the satellite communications hardware which he says plays "a vital role in the global telecommunications systems."

Santamarta has discovered that of the devices used in satellite communications that he investigated, 100% were vulnerable, with the researcher uncovering "multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols or weak encryption algorithms."

Devices are wide open

Speaking to Reuters ahead of his presentation, Santamarta said: "These devices are wide open. The goal of this talk is to help change that situation."

Santamarta uncovered the vulnerabilities by reverse engineering the software - or firmware - running on satellite equipment produced by companies like Cobham, Harris, EchoStar's Hughes Network Systems, Iridium Communications and Japan Radio were all found to be vulnerable.

Last year security researcher Hugo Teso claimed that he could change a plane's direction, speed and altitude just using his smartphone.

However the FAA said Teso's technique did not pose a flight safety concern because it does not work on certified flight hardware.

Spokespeople from Cobham, Harris, Hughes and Iridium have all downplayed the researcher's findings, though they have confirmed some of the details of his presentation.

Santamarta has confirmed that he has only used the technique in laboratory settings and not carried out live trials, saying he wanted to go public in order to encourage the manufacturers to fix what he calls serious security risks.