Cobham. Photo credit: aeroprints.com via Wikimedia Commons. 

Afraid to fly? Missing planes and missile strikes got you scared? Well, you may want to stop reading this article now because the following could just exacerbate that fear. According to cybersecurity researcher Ruben Santamarta, it's possible to compromise a plane's safety by hacking into its Wi-Fi and in-flight entertainment systems. 

Wi-Fi in the sky
British defense company Cobham (COB) supplies a variety of different products to both commercial and defense companies. One such product is the Aviator 700 system, a satellite communication system, which Cobham describes as a complete aeronautical communications solution for multiple applications. In other words, it provides things like navigation and airplane performance data for the cockpit, and Wi-Fi and in-flight entertainment in the cabin.  

Earlier this year, Santamarta, a principal security consultant with IOActive, released a white paper addressing satellite communication vulnerabilities at Cobham and other companies. Specifically in regards to Cobham, Santamarta reported that the Aviator 700 (Level E/D) could be compromised through:

  • Backdoors: mechanisms used to access undocumented features or interfaces not intended for end users.
  • Weak password reset: a mechanism that enabling resetting of others' passwords.
  • Insecure protocols: documented protocols that pose a security risk.
  • Hardcoded credentials: undocumented credentials that can be used to authenticate in documented interfaces expected to be available for user interaction. 

Further, Santamarta states in his report, "IOActive was able to demonstrate that it is possible to compromise a system certified for level D that interacts with devices certified for level A, potentially putting the level A devices' integrity at risk."

What Santamarta means is that there are five different ways to classify the systems on an airplane, and the classification corresponds to the type of effect a failure would have on the aircraft, crew and passengers. According to Santamarta's report, these five levels, and the failure effects are:

  • Level A: system failure would result in "multiple fatalities, usually with loss of the airplane."
  • Level B: system failure would result in "a large negative impact on safety or performance, reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers."
  • Level C: system failure would "significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries)."
  • Level D: system failure would "slightly reduces the safety margin or slightly increases crew workload."
  • Level E: system failure " has no impact on safety, aircraft operation, or crew workload."

As such, each system has to go through a formal certification processes and prove that it's secure. For levels A, B, and C, this means strong certification "involving formal processes for verification and traceability." Levels D or E, on the other hand, are subject to more "relaxed" testing, Santamarta reports.

In his report Santamarta is arguing that a hacker could use these weaknesses to hack a plane's less critical systems like its WiFi, or entertainment systems, and then use that as a springboard to gain access to more critical systems like navigation and safety. 

Time to panic?

Boeing 717. Photo credit: Jordan Vuong from Perth, Australia via Wikimedia Commons.

The findings are understandably concerning. However, Cobham spokesman Greg Caires told Reuters that without physical access to the company's equipment it's not possible for hackers to use Wi-Fi signals to interfere with navigation and safety systems that rely on satellite communications.  Plus, Santamarta acknowledged that he wasn't able to test this hack in the real world and instead had to use "static firmware analysis by reverse engineering all of the devices" -- the tests were conducted in a lab. 

However, speaking at this year's Black Hat security conference, Santamarta disputed Caires' claim that hackers would need to be physically present at the terminal to use the maintenance port. He said that while some attacks may require physical access, others can be pulled off though Wi-Fi, Defense One reported. The good news, Defense One also noted, is that Santamarta was quick to point out that none of the vulnerabilities he found could directly cause a plane to crash; however, he said a hacker could make it "much harder to fly."  

What to watch
While Cobham has played down the risks detailed by Santamarta, Caires told Defense One that the company takes the issue "very seriously." What that means is anyone's guess, but if Santamarta is correct in his findings, it's likely that aircraft satellite communications systems aren't nearly as secure as one would hope, and might need to be fortified.