Segurança de aviões comprometida através de sistema de entretenimento

Foram descobertas falhas graves no sistema de entretenimento da Panasonic usado em aviões de grandes companhias aéreas.

O sistema é usado em aviões de companhias como a American Airlines, United, Virgin, Emirates, Etihad, Qatar, FinnAir, KLM, Iberia, Scandinavian, Air France, Singapore e Aerolineas Argentinas.

As falhas são facilmente exploradas através de ataques simples como SQL Injection e permitem ao hacker malicioso aceder e alterar dados referentes a altitude, localização, iluminação da cabine e do sistema de notificações. Tudo isto em pleno vôo.

As vulnerabilidades foram descobertas pelo investigador de segurança informática Ruben Santamarta da IOActive e estão demonstradas em vídeo.

The vulnerabilities were reported to Panasonic in March last year, and the researcher waited more than a year and a half to go public, so the company had “enough time to produce and deploy patches, at least for the most prominent vulnerabilities.”

Emirates is working with Panasonic to resolve these issues and regularly update its systems. “The safety of our passengers and crew on board is a priority and will not be compromised,” Emirates said, reported the Telegraph.

Santamarta is the same researcher who warned of security issues in systems used by different aircraft in the past.

Back in 2014, he discovered that it was possible to reverse engineer a bug, which let him connect to the Wi-Fi signal or the in-flight entertainment system to connect to airplanes’ equipment, including the navigation system.

 

Hacker Demonstrates How Easy In-Flight Entertainment System Can Be Hacked [Mohit Kumar, The Hacker News]

In Flight Hacking System [Ruben Santamarta, IOActive]