Ruben Santamarta, a cyber security researcher, discovered that the passenger jet's WiFi connectivity can be hacked, allowing access to satellite and navigation systems.
Santamarta, who worked for the cyber security organization IOActive, stumbled upon these vulnerabilities by reverse engineering the firmware or the software program included in the aircraft's communications system. The firmware was made by companies Cobham Plc, EchoStar Corp's Hughes Network Systems, Harris Corp, Iridium Communications Inc., and Japan Radio Co Ltd.
The security expert detailed how the hacker can use the airplane's WiFi signal or other in-flight entertainment choices to gain access to its avionics system. When this happens, he or she can alter the plane's satellite communications and might pose an enormous risk on the safety of the flight. However, he clarified that his experiments were done in a controlled environment and might be very difficult to reenact in a real-world scenario. He chose to present his findings to help the manufacturers fix the bug on the firmware.
"These devices are wide open. The goal of this talk is to help change that situation," Santamarta, 32, told Reuters.
Representatives for Iridium, Cobham, Harris, and Hughes evaluated Santamarta's experiment, but did not acknowledge its validity.
For example, the Aviation 700 aircraft, which Santamarta used for his research, will be impossible for a hacker to access the communications system through the plane's WiFi signal. According to the representatives, the hackers would need access to the plane's equipment first.
A representative for Japan Radio Co. declined to leave a comment about the issue, stating that discussion of the plane's security vulnerabilities should not be made in public.
Santamarta will present his experiment at Black Hat, an annual hacking conference held in Las Vegas, in which security experts and hackers talk about the latest developments of the security industry.