Are you afraid of flying? The following information won’t make you feel any safer.
Inflight Entertainment systems (IFE) have evolved significantly over the years. Nowadays you can actually connect via your own mobile device to the IFE system and watch TV series, movies or just listen to music and see the flight status. Sounds good, right?
Well, yes and no. We all agree that flights should include some kind of entertainment to “survive” these hours of boredom on the flying metal box. However should airlines risk flight security for the latest Box office blockbuster?
According to the FBI, Chris Roberts (cyber security consultant) has hacked computer systems aboard airliners approximately 20 different times in the past 5 years. Roberts said that in one case he was able to hack the systems and issue a “climb” command instructing the plain to increase altitude. According to Roberts three Boeing and one Airbus aircraft have been hacked by exploiting vulnerabilities in the IFE systems. The allegedly exploited systems were Thales and Panasonic IFEs.
Roberts physically accessed the Seat Electronic Box (SEB) installed under his seat. Access to the SEB allowed Roberts to hack into additional aircraft network systems to control engines and view network traffic accessible in the cockpit.
Roberts studied the IFE and performed Pen tests on the IFE. He found that the using the default IDs and passwords got him into the systems.
A few questions to take away –
Full details of the FBI search warrant – http://aptn.ca/news/wp-content/uploads/sites/4/2015/05/warrant-for-Roberts-electronics.pdf
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.