Santamarta, a consultant with cyber security firm IOActive, is scheduled to lay out the technical details of his research at this week's Black Hat hacking conference in Las Vegas, an annual convention where thousands of hackers and security experts meet to discuss emerging cyber threats and improve security measures.
His presentation on Thursday on vulnerabilities in satellite communications systems used in aerospace and other industries is expected to be one of the most widely watched at the conference.
"These devices are wide open. The goal of this talk is to help change that situation," said Santamarta, 32.
The researcher said he discovered the vulnerabilities by "reverse engineering" - or decoding - highly specialised software known as firmware, used to operate communications equipment made by Cobham, Harris, EchoStar's Hughes Network Systems, Iridium Communications and Japan Radio.
Tested hacks
In theory, a hacker could use a plane's onboard Wi-Fi signal or in-flight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft's navigation and safety systems, Santamarta said.
He acknowledged that his hacks have only been tested in controlled environments, such as IOActive's Madrid laboratory, and they might be difficult to replicate in the real world. Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws.
Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta's research and confirmed some of his findings, but downplayed the risks.
For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta's research, said it is not possible for hackers to use Wi-Fi signals to interfere with critical systems that rely on satellite communications for navigation and safety. The hackers must have physical access to Cobham's equipment, according to Cobham spokesperson Greg Caires.
"In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorised personnel only," said Caires.
A Japan Radio Co spokesperson declined to comment, saying information on such vulnerabilities was not public.
Black Hat, which was founded in 1997, has often been a venue for hackers to present breakthrough research.
'Hardcoded' log-in
In 2009, Charlie Miller and Collin Mulliner demonstrated a method for attacking iPhones with malicious text messages, prompting Apple to release a patch. In 2011, Jay Radcliffe demonstrated methods for attacking Medtronic's insulin pumps, which helped prompt an industry review of security.
One vulnerability that Santamarta said he found in equipment from all five manufacturers was the use of "hardcoded" log-in credentials, which are designed to let service technicians access any piece of equipment with the same login and password.
The problem is that hackers can retrieve those passwords by hacking into the firmware, then use the credentials to access sensitive systems, Santamarta said.
Hughes spokesperson Judy Blake said hardcoded credentials were "a necessary" feature for customer service. The worst a hacker could do is to disable the communication link, she said.
![NG-[C:G.Watc,B:Casi,Wk:4715,Dim:300X250]:Casio](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uawWGpzLl9MfOWNupVtwvVrkKQ4Bn1R7hAtH3B18Q-d5JTVtRLfi5fEyCNzFf4AhSLhsSdO37bNHFaLz-ZSxvCiOW5IHfZI9ijCw1Ma1r544UHvty-_Mfeogc-SatyAvLQcZk3ZWF0CMH8PT4_MOwjhXKDIoN5v0O4B9vAhrxQtl1hIQIJDA=s0-d)
No comments:
Write comments