Are Airplanes Really Safe? One Hacker Says Maybe Not.

Can hackers use a plane’s Wi-Fi to access critical systems?

Aug 16, 2014 at 10:43AM

Cobham Plane

Cobham. Photo credit: via Wikimedia Commons. 

Afraid to fly? Missing planes and missile strikes got you scared? Well, you may want to stop reading this article now because the following could just exacerbate that fear. According to cybersecurity researcher Ruben Santamarta, it's possible to compromise a plane's safety by hacking into its Wi-Fi and in-flight entertainment systems. 

Wi-Fi in the sky
British defense company Cobham (LSE:COB) supplies a variety of different products to both commercial and defense companies. One such product is the Aviator 700 system, a satellite communication system, which Cobham describes as a complete aeronautical communications solution for multiple applications. In other words, it provides things like navigation and airplane performance data for the cockpit, and Wi-Fi and in-flight entertainment in the cabin.  

Earlier this year, Santamarta, a principal security consultant with IOActive, released a white paper addressing satellite communication vulnerabilities at Cobham and other companies. Specifically in regards to Cobham, Santamarta reported that the Aviator 700 (Level E/D) could be compromised through:

  • Backdoors: mechanisms used to access undocumented features or interfaces not intended for end users.
  • Weak password reset: a mechanism that enabling resetting of others' passwords.
  • Insecure protocols: documented protocols that pose a security risk.
  • Hardcoded credentials: undocumented credentials that can be used to authenticate in documented interfaces expected to be available for user interaction. 

Further, Santamarta states in his report, "IOActive was able to demonstrate that it is possible to compromise a system certified for level D that interacts with devices certified for level A, potentially putting the level A devices' integrity at risk."

What Santamarta means is that there are five different ways to classify the systems on an airplane, and the classification corresponds to the type of effect a failure would have on the aircraft, crew and passengers. According to Santamarta's report, these five levels, and the failure effects are:

  • Level A: system failure would result in "multiple fatalities, usually with loss of the airplane."
  • Level B: system failure would result in "a large negative impact on safety or performance, reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers."
  • Level C: system failure would "significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries)."
  • Level D: system failure would "slightly reduces the safety margin or slightly increases crew workload."
  • Level E: system failure " has no impact on safety, aircraft operation, or crew workload."

As such, each system has to go through a formal certification processes and prove that it's secure. For levels A, B, and C, this means strong certification "involving formal processes for verification and traceability." Levels D or E, on the other hand, are subject to more "relaxed" testing, Santamarta reports.

In his report Santamarta is arguing that a hacker could use these weaknesses to hack a plane's less critical systems like its WiFi, or entertainment systems, and then use that as a springboard to gain access to more critical systems like navigation and safety. 

Time to panic?


Boeing 717. Photo credit: Jordan Vuong from Perth, Australia via Wikimedia Commons.

The findings are understandably concerning. However, Cobham spokesman Greg Caires told Reuters that without physical access to the company's equipment it's not possible for hackers to use Wi-Fi signals to interfere with navigation and safety systems that rely on satellite communications.  Plus, Santamarta acknowledged that he wasn't able to test this hack in the real world and instead had to use "static firmware analysis by reverse engineering all of the devices" -- the tests were conducted in a lab. 

However, speaking at this year's Black Hat security conference, Santamarta disputed Caires' claim that hackers would need to be physically present at the terminal to use the maintenance port. He said that while some attacks may require physical access, others can be pulled off though Wi-Fi, Defense One reported. The good news, Defense One also noted, is that Santamarta was quick to point out that none of the vulnerabilities he found could directly cause a plane to crash; however, he said a hacker could make it "much harder to fly."  

What to watch
While Cobham has played down the risks detailed by Santamarta, Caires told Defense One that the company takes the issue "very seriously." What that means is anyone's guess, but if Santamarta is correct in his findings, it's likely that aircraft satellite communications systems aren't nearly as secure as one would hope, and might need to be fortified. 

Leaked: Apple's next smart device (warning, it may shock you)
Apple recently recruited a secret-development "dream team" to guarantee its newest smart device was kept hidden from the public for as long as possible. But the secret is out, and some early viewers are claiming its everyday impact could trump the iPod, iPhone, and the iPad. In fact, ABI Research predicts 485 million of this type of device will be sold per year. But one small company makes Apple's gadget possible. And its stock price has nearly unlimited room to run for early in-the-know investors. To be one of them, and see Apple's newest smart gizmo, just click here!

Katie Spence has no position in any stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

4 in 5 Americans Are Ignoring Buffett's Warning

Don't be one of them.

Jun 12, 2015 at 5:01PM

Admitting fear is difficult.

So you can imagine how shocked I was to find out Warren Buffett recently told a select number of investors about the cutting-edge technology that's keeping him awake at night.

This past May, The Motley Fool sent 8 of its best stock analysts to Omaha, Nebraska to attend the Berkshire Hathaway annual shareholder meeting. CEO Warren Buffett and Vice Chairman Charlie Munger fielded questions for nearly 6 hours.
The catch was: Attendees weren't allowed to record any of it. No audio. No video. 

Our team of analysts wrote down every single word Buffett and Munger uttered. Over 16,000 words. But only two words stood out to me as I read the detailed transcript of the event: "Real threat."

That's how Buffett responded when asked about this emerging market that is already expected to be worth more than $2 trillion in the U.S. alone. Google has already put some of its best engineers behind the technology powering this trend. 

The amazing thing is, while Buffett may be nervous, the rest of us can invest in this new industry BEFORE the old money realizes what hit them.

KPMG advises we're "on the cusp of revolutionary change" coming much "sooner than you think."

Even one legendary MIT professor had to recant his position that the technology was "beyond the capability of computer science." (He recently confessed to The Wall Street Journal that he's now a believer and amazed "how quickly this technology caught on.")

Yet according to one J.D. Power and Associates survey, only 1 in 5 Americans are even interested in this technology, much less ready to invest in it. Needless to say, you haven't missed your window of opportunity. 

Think about how many amazing technologies you've watched soar to new heights while you kick yourself thinking, "I knew about that technology before everyone was talking about it, but I just sat on my hands." 

Don't let that happen again. This time, it should be your family telling you, "I can't believe you knew about and invested in that technology so early on."

That's why I hope you take just a few minutes to access the exclusive research our team of analysts has put together on this industry and the one stock positioned to capitalize on this major shift.

Click here to learn about this incredible technology before Buffett stops being scared and starts buying!

David Hanson owns shares of Berkshire Hathaway and American Express. The Motley Fool recommends and owns shares of Berkshire Hathaway, Google, and Coca-Cola.We Fools don't all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

©1995-2014 The Motley Fool. All rights reserved. | Privacy/Legal Information