Security flaws let hackers hit in-flight and at sea WiFi

In-flight entertainment systems — Users watch in-flight entertainment systems. IOActive has not yet announced which airline carriers' in-flight systems it found were vulnerable. Photo: Smith Collection/Gado via Getty Images.

Multiple deployed satellite communications (SATCOM) products have security flaws, according to IOActive researcher Ruben Santamarta, who will present research in the field Wednesday at the cybersecurity conference Black Hat.

The systems are used in everything from airplane in-flight WiFi and entertainment systems to communications on ships. Santamarta found vulnerable systems in both.

Show less

Go deeper201 Words

"We are talking about major airlines and fleets."

— Santamartato to Axios

Why it matters: Hacking an in-flight WiFi system can't crash a plane — that's a different system. But think about the damage a hacker could cause to an airline by sending an alert to in-flight entertainment systems to prepare for a crash landing.

What was discovered: While IOActive had presented on security problems in device software, it hadn't previously checked the prevalence of the flaws in the real world.

"In 2014, those scenarios were theoretical. After four years, we’ve proved they are real," Santamarta told Axios.
Santamarta also discovered ways a hacked system could be weaponized to exert harmful radio frequency broadcasts.
The 2014 presentation found a bevy of problems in SATCOM, including flawed protocols, poor encryption and hard coded passwords.

Who it effects: IOActive found accessible systems in NATO conflict zones, where SATCOM is used for sending communications to a remote region.

Those systems include at least one major airline carrier being kept secret until the presentation.
The firm found some systems at sea that had been infected in malware, although it was unclear whether that was a targeted attack.

Cybersecurity

Latest Stories

Latest Stories

What we're driving: Cadillac CT6 with Super Cruise technology

China and Saudi Arabia sign economic agreements worth $28 billion

What you need to know about assisted-driving technology

1 killed, 12 injured in clash with Venezuelan army on Brazil border

House to vote Tuesday to block Trump’s national emergency

Axios Pro Rata: Rise of the minotaurs — Panda Selected eats $50 million — Unleveraged buyouts

USDA has given farmers $7.7 billion to counter effects of trade war

Axios Login: Anti-vaxx content haunts Big Tech — Scoop: Ray Ozzie's new startup — YouTube ad boycott

Time's Up CEO resigned after son was accused of sexual assault

Oregon Gov. Kate Brown: Voters want to see more diverse candidates

Exclusive: Ray Ozzie wants to wirelessly connect the world

New 2020 super PAC will be dedicated to climate change

Detecting unexpected behavior could be key to securing AV systems

The average S&P CEO makes 273 times more than its median employee

Americans are loading up on U.S. debt

Axios Generate: Australian power shift — FERC's new LNG move — New worries for Tesla and Ford

The market for accessible AVs is growing

How one Australian region kicked the coal habit

The most overpaid CEOs

S&P sales and profit are moving in the wrong direction

Security flaws let hackers hit in-flight and at sea WiFi

Latest Stories

Latest Stories

What we're driving: Cadillac CT6 with Super Cruise technology

China and Saudi Arabia sign economic agreements worth $28 billion

What you need to know about assisted-driving technology

1 killed, 12 injured in clash with Venezuelan army on Brazil border

House to vote Tuesday to block Trump’s national emergency

Axios Pro Rata: Rise of the minotaurs — Panda Selected eats $50 million — Unleveraged buyouts

USDA has given farmers $7.7 billion to counter effects of trade war

Axios Login: Anti-vaxx content haunts Big Tech — Scoop: Ray Ozzie's new startup — YouTube ad boycott

Time's Up CEO resigned after son was accused of sexual assault

Oregon Gov. Kate Brown: Voters want to see more diverse candidates

Exclusive: Ray Ozzie wants to wirelessly connect the world

New 2020 super PAC will be dedicated to climate change

Detecting unexpected behavior could be key to securing AV systems

The average S&P CEO makes 273 times more than its median employee

Americans are loading up on U.S. debt

Axios Generate: Australian power shift — FERC's new LNG move — New worries for Tesla and Ford

The market for accessible AVs is growing

How one Australian region kicked the coal habit

The most overpaid CEOs

S&P sales and profit are moving in the wrong direction

Never miss an Axios exclusive. Sign up for Mike Allen's AM newsletter.

Security flaws let hackers hit in-flight and at sea WiFi