Security researchers have found that passenger aeroplanes carrying a certain type of in-flight entertainment system are vulnerable to hacks. The vulnerabilities in the Panasonic Avionics in-flight entertainment system could grant hackers access to a plane’s vital systems, including the flight controls.
The flaw in the Panasonic system – which is in use in planes belonging to United, American Airlines, Virgin, Emirates, Etihad, FinnAir, KML, Iberia, Qatar, Scandinavian, Singapore, Aerolineas Argentinas, and Air France – was discovered by IOActive’s Ruben Santamarta.
“I discovered I could access debug codes directly from a Panasonic inflight display,” Santamarta told TechSpot. “A subsequent internet search allowed me to discover hundreds of publicly available firmware updates for multiple major airlines, which was quite alarming. Upon analyzing backend source code for these airlines and reverse engineering the main binary, I’ve found several interesting functionalities and exploits.”
IOActive first discovered the flaws back in March 2015, at which point it reported its findings to Panasonic. Santamaria feels confident releasing this information publicly now since the company has had “enough time to produce and deploy patches, at least for the most prominent vulnerabilities.”
That does not mean other vulnerabilities don’t exist, either in Panasonic or another supplier’s in-flight entertainment systems.
“I don’t believe these systems can resist solid attacks from skilled malicious actors,” Santamarta added. “This only depends on the attacker’s determination and intentions, from a technical perspective it’s totally feasible.”
