A researcher has discovered that hundreds of airplanes from several airlines have been hacked remotely from the ground by leveraging vulnerabilities in satellite communications systems.
The researcher discovered these vulnerabilities after taking a look at the in-flight entertainment system during a Norwegian flight.
After passively collecting traffic from the airplane’s Wi-Fi network, he noticed that several commonly used services, such as Telnet, HTTP, and FTP, were available for certain IP addresses, and some interfaces associated with the plane’s onboard satellite communications (satcom) modems were accessible without authentication.
Further analysis of the satcom systems revealed the existence of various types of vulnerabilities, including insecure protocols, backdoors, and improper configuration that could be used by hackers to take full control of the aircraft.
To stay away from many other threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire, every year, a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Many security holes found in this investigation can be exploited by remote hackers in order to take control of satcom equipment on commercial flights, earth stations on ships, and earth stations used by the U.S. military in conflict zones.
The investigation also discovered that hackers could have targeted, from the ground, hundreds of planes from Southwest, Norwegian and Icelandair.
Even more worrying is the fact that one of the vessels analyzed by the expert already had its Antenna Control Unit (ACU) infected with the Mirai malware.
In the military and maritime sectors, remote attacks on satcom systems could pose a safety risk. For instance, in the case of ships, attackers could disrupt communications and conduct cyber-physical attacks using high-intensity radiated fields (HIRF), radio-frequency energy strong enough to adversely affect living organisms and electronic devices.
In the case of the military, malicious actors could abuse satcom systems to pinpoint the location of military units, disrupt communications, and conduct HIRF attacks.
After these findings, all the affected vendors and organizations such as US-CERT and ICS-CERT, airlines and the affected equipment manufacturers have started fixing the issues.
We will continue to monitor this cyber threat. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring, every year, a specialized cybersecurity company that will run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.