Aug 8, 2018

Security flaws let hackers hit in-flight and at sea WiFi

Users watch in-flight entertainment systems. IOActive has not yet announced which airline carriers' in-flight systems it found were vulnerable. Photo: Smith Collection/Gado via Getty Images.

Multiple deployed satellite communications (SATCOM) products have security flaws, according to IOActive researcher Ruben Santamarta, who will present research in the field Wednesday at the cybersecurity conference Black Hat.

The systems are used in everything from airplane in-flight WiFi and entertainment systems to communications on ships. Santamarta found vulnerable systems in both.

"We are talking about major airlines and fleets."
— Santamartato to Axios

Why it matters: Hacking an in-flight WiFi system can't crash a plane — that's a different system. But think about the damage a hacker could cause to an airline by sending an alert to in-flight entertainment systems to prepare for a crash landing.

What was discovered: While IOActive had presented on security problems in device software, it hadn't previously checked the prevalence of the flaws in the real world.

  • "In 2014, those scenarios were theoretical. After four years, we’ve proved they are real," Santamarta told Axios.
  • Santamarta also discovered ways a hacked system could be weaponized to exert harmful radio frequency broadcasts.
  • The 2014 presentation found a bevy of problems in SATCOM, including flawed protocols, poor encryption and hard coded passwords.

Who it effects: IOActive found accessible systems in NATO conflict zones, where SATCOM is used for sending communications to a remote region.

  • Those systems include at least one major airline carrier being kept secret until the presentation.
  • The firm found some systems at sea that had been infected in malware, although it was unclear whether that was a targeted attack.

Go deeper

China tries to contain coronavirus, as Apple warns of earnings impact

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's NHC; Note: China refers to mainland China and the Diamond Princess is the cruise ship offshore Yokohama, Japan. Map: Danielle Alberti/Axios

As China pushes to contain the spread of the novel coronavirus — placing around 780 million people under travel restrictions, per CNN — the economic repercussions continue to be felt globally as companies like Apple warn of the impact from the lack of manufacturing and consumer demand in China.

The big picture: COVID-19 has now killed at least 1,775 people and infected more than 70,000 others, mostly in mainland China. There are some signs that new cases are growing at a slower rate now, although the World Health Organization said Monday it's "too early to tell" if this will continue.

Go deeperArrowUpdated 2 hours ago - Health

Apple will miss quarterly earnings estimates due to coronavirus

Apple CEO Tim Cook

Apple issued a rare earnings warning on Monday, saying it would not meet quarterly revenue expectations due to the impact of the coronavirus, which will limit iPhone production and limit product demand in China.

Why it matters: Lots of companies rely on China for production, but unlike most U.S. tech companies, Apple also gets a significant chunk of its revenue from sales in China.

America's dwindling executions

The Trump administration wants to reboot federal executions, pointing to a 16-year lapse, but Pew Research reports the government has only executed three people since 1963.

The big picture: Nearly all executions in the U.S. are done by states. Even those have been steadily dropping for two decades, per the Bureau of Justice Statistics (BJS) — marking a downward trend for all executions in the country.