Security experts are set to use two major hacking conferences this week to unveil new research claiming to reveal how satellite comms on passenger jets and urban traffic control systems could be infiltrated and remotely controlled by cybercriminals.
IOActive principal security consultant, Ruben Santamarta, will present his findings at Black Hat on Thursday, explaining how vulnerabilities in devices from leading SATCOM vendors could allow attackers to “disrupt, inspect, modify or reroute” comms traffic, potentially interfering with a plane’s navigation systems.
The research applies not only to aircraft but ships, emergency services and even industrial facilities like oil rigs and wind turbines – all of which use satellite communications, according to Santamarta.
Static firmware analysis via reverse engineering will enable him to show that 100% of the devices could be abused, he wrote in a description of the presentation.
“The vulnerabilities we uncovered included multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols or weak encryption algorithms,” it continued.
“These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it.”
Cobham, which developed the Aviation 700 aircraft satellite communications equipment featured in the research, told Reuters that the findings were caveated by the fact that hackers would have to physically access its kit to interfere with critical systems.
This access is strictly controlled in the airline industry, spokesman Greg Caires told the newswire.
Other vendors similarly downplayed the findings.
Meanwhile, on Friday at rival security show DEF CON, Santamarta’s colleague and IOActive CTO Cesar Cerrudo, will present a topic on how wireless sensor devices used in traffic control systems “could be completely controlled with no authentication necessary”.
“The latest Sensys Networks numbers indicate that approximately 200,000 sensor devices are deployed worldwide,” he wrote in a blog post.
“Based on a unit cost of approximately $500, approximately $100,000,000 of vulnerable equipment is buried in roads around the world that anyone can hack. I’m also concerned about how much it will cost tax payers to fix and replace the equipment.”