Software Integrity

 

Researcher finds some airline infotainment systems vulnerable

The inflight services that allow passengers to enjoy movies and music on their flights might also allow clever individuals to change cabin lighting.

In an article in the Telegraph Ruben Santamarta, principle security consultant at IOActive, said he could access the in-flight system from Panasonic Avionics. He claimed he could hack its on-board displays. He said he could change cabin lighting and send announcements over the airplane communications channel.

“Chained together this could be an unsettling experience for passengers,” said Santamarta. “I don’t believe these systems can resist solid attacks from skilled malicious actors,” he said. “This only depends on the attacker’s determination and intentions, from a technical perspective it’s totally feasible.”

According to ITPro Samtamarta said he had alerted Panasonic to the problems back in March 2015, and isn’t clear what action the company has taken, if any, to fix the flaw. IT Pro contacted the Panasonic for comment, but hadn’t received a response at the time of publication.

Mike Ahmadi, global director of critical systems security at Synopsys, told ITPro that any system that gets the attention of the hacking/research community will eventually be found vulnerable.

“There are literally an infinite number of ways to compromise any system. Organizations need to constantly monitor and test their systems in order to keep up with security issues. Moreover, organizations should assume compromise will happen and plan accordingly,” he said..

Santamarta uploaded video demos to YouTube.