Published — Monday
Santamarta, a consultant with cybersecurity firm
His presentation on Thursday on vulnerabilities in satellite communications systems used in aerospace and other industries is expected to be one of the most widely watched at the conference.
"These devices are wide open. The goal of this talk is to help change that situation," Santamarta, 32, said.
The researcher said he discovered the vulnerabilities by "reverse engineering" — or decoding — highly specialized software known as firmware, used to operate communications equipment made by
In theory, a hacker could use a plane's onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.
He acknowledged that his hacks have only been tested in controlled environments, such as
Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta's research and confirmed some of his findings, but downplayed the risks.
For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta's research, said it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham's equipment, according to Cobham spokesman
"In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only," said Caires.
Black Hat, which was founded in 1997, has often been a venue for hackers to present breakthrough research. In 2009,
Santamarta published a 25-page research report in April that detailed what he said were multiple bugs in firmware used in satellite communications equipment made by Cobham, Harris, Hughes, Iridium and
The report laid out scenarios by which hackers could launch attacks, though it did not provide the level of technical details that Santamarta said he will disclose at Black Hat.
One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of "hardcoded" log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password.
The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Santamarta said.
Santamarta said he will respond to the comments from manufacturers during his presentation, then take questions during an open Q&A session after his talk.
"I am not sure we can actually launch an attack from the passenger inflight entertainment system into the cockpit," he said.
"The core point is the type of vulnerabilities he discovered are pretty scary just because they involve very basic security things that vendors should already be aware of."