【安全公司:娱乐系统缺陷致黑客可控制飞机】

【安全公司:娱乐系统缺陷致黑客可控制飞机】美国安全公司IOActive发文称由于松下公司的飞机机内娱乐系统存在一定的安全隐患,导致黑客可以通过娱乐显示屏访问调试代码,并通过漏洞对飞机飞行高度和路径进行规划,这使得包括美国航空、阿联酋航空等在内的13家航空公司部分客机存在被黑客劫机的可能性。

How a hacker could fly a PLANE: Alarming new research reveals that an aircraft's controls could be taken over remotely

0930
Shocking new research has revealed that it's possible for hackers to remotely control an airliner.
A cyber security company claims that vulnerabilities in in-flight entertainment systems could provide a gateway for the actual controls of an aircraft to be accessed, as well as allowing hackers to spoof flight information, control lighting and steal credit card information.
The US-based security firm, IOActive, claimed that it's the Panasonic Avionics In-Flight Entertainment (IFE) system - used in carriers including Emirates, AirFrance, Qatar, American Airlines and Virgin - that could give hackers access to a plane's avionics systems.
The system's potential flaws were discovered by IOActive's principal security consultant, Ruben Santamarta.
He said that the 'exploits' he found in the IFE system could allow a hacker to spoof flight information on screens such as altitude, speed or show a bogus route.
This would, he said, create a 'baffling and disconcerting situation for passengers'.
The exploits might also allow hackers to compromise 'Crew App' units, which control PA systems, lighting and recliners on first-class seating.
It would be a terrifying experience for flyers if the PA systems and lighting are operated without cabin crew's control.
Furthermore, depending on the unit's configuration, passengers are at risk of cyber fraud if hackers can access the back end and use their frequent flyer membership details to capture personal data.
However, the most shocking vulnerability, according to Mr Santamarta, is if hackers can find and exploit a physical path between the aircraft's control domains, then the aeroplane could be at risk of a takeover.
He explained that an aircraft's data is split into four domains – passenger entertainment, passenger owned devices, airline information services and aircraft control.
Outlining his concern that cyber attackers could cross this 'red line' between domains, Mr Santamarta said: 'I don't believe these systems can resist solid attacks from skilled malicious actors.
'As such, airlines must be incredibly vigilant when it comes to their IFE systems, ensuring that these and other systems are properly segregated and each aircraft's security posture is carefully analysed case by case.'
Mr Santamarta explained how he came to his findings: 'I've been afraid of flying for as long as I can remember. It might sound like a sick cure to some but, as a hacker, learning everything I could about how planes work, from the aerodynamics to electronics, has reduced the fear significantly.
'On a flight from Warsaw to Dubai, I discovered I could access debug codes directly from a Panasonic in-flight display. A subsequent internet search allowed me to discover hundreds of publically available firmware updates for multiple major airlines, which was quite alarming.
'Upon analysing backend source code for these airlines and reverse engineering the main binary, I've found several interesting functionalities and exploits.'
An Emirates spokesperson told MailOnline Travel: 'Emirates can confirm there is no risk to the safety of our aircraft. We have been a long-term partner of Panasonic Aviation Corporation (PAC) and we utilise their inflight entertainment (IFE) systems on our aircraft.
'Matters of aviation cybersecurity are of utmost importance to Emirates and we continuously work with Panasonic on robust assessments to update our IFE systems and have measures in place to resolve any issues.
0931
'The safety of our passengers and crew on board is a priority and will not be compromised.'
A Virgin spokesperson told MailOnline: 'In-flight entertainment systems on our aircraft are completely isolated from the flight control systems.
'The safety and security of our aircraft is our top priority and we work closely with the aircraft manufacturers, Panasonic and all third party technical suppliers to ensure any systems they provide us are safe and secure.'
Finnair also revealed that onboard its fleet 'the IFE system is designed and integrated so that there is no communication to aircraft data networks or interfaces used by critical aircraft systems.'
A spokesperson for United added: 'At United, we take all security matters very seriously and regularly add new safeguards to ensure our systems are protected.
'We support the responsible disclosure of potential security issues and will work with our technology partners, outside experts and the aviation community to carefully examine these claims.'
Tim Erlin, Senior Director, Product Management, at Tripwire commented: 'Using the in-flight entertainment system to attack an aircraft isn't a new concept. As soon as the USB and RJ45 ports started showing up in aircraft, security researchers became very interested.
'The security research community and aviation industry are clearly at odds over the feasibility and likelihood of using the in-flight entertainment system to actually affect aircraft controls. It would be a solid step forward to see co-operation instead of conflict. The majority of security researchers are interested in improving the systems they test, and partnership with industry vendors is the best way to accomplish that goal.
'Now that there's credit card data on the plane, the in-flight systems are a more attractive target for profit driven criminals. The increased interest in these systems from criminals after credit card data might result in more vulnerabilities being discovered.'
MailOnline has contacted Panasonic, Air France, Aerolineas Argentinas, Singapore Airlines, Iberia, Etihad, Qatar Airways, KLM, American Airlines and Scandinavian for comment.
http://www.dailymail.co.uk/travel/travel_news/article-4051434/How-hacker-fly-PLANE-Alarming-new-research-reveals-aircraft-s-controls-taken-remotely.html

Comments are closed.



无觅相关文章插件