Can a plane be hacked via in-flight Wi-Fi? Researcher says it's so

Much of the equipment that planes and ships use to access satellite communications networks is wide open like the sea and sky itself, says a security researcher presenting his findings later this week.

Eric Mack Contributing Editor
Eric Mack has been a CNET contributor since 2011. Eric and his family live 100% energy and water independent on his off-grid compound in the New Mexico desert. Eric uses his passion for writing about energy, renewables, science and climate to bring educational content to life on topics around the solar panel and deregulated energy industries. Eric helps consumers by demystifying solar, battery, renewable energy, energy choice concepts, and also reviews solar installers. Previously, Eric covered space, science, climate change and all things futuristic. His encrypted email for tips is ericcmack@protonmail.com.
Expertise Solar, solar storage, space, science, climate change, deregulated energy, DIY solar panels, DIY off-grid life projects, and CNET's "Living off the Grid" series Credentials
  • Finalist for the Nesta Tipping Point prize and a degree in broadcast journalism from the University of Missouri-Columbia.
Eric Mack
2 min read

The skies are wide open, perhaps too wide open. Daniel Terdiman/CNET

In a world where everything from the latest breaking news to "Lost" provides plenty of reasons to worry about your next flight, here's one more thing to justify your travel neuroses -- it's theoretically possible for a flight to be hijacked using only the in-flight Wi-Fi.

I'll wait while you strongly reconsider that weekend getaway plane ride to the beach or grandma's house.

This latest reason to freak out about flying comes from security consultant Ruben Santamarta, who will be presenting his findings this week at the annual Black Hat gathering of hackers and cybersecurity researchers in Las Vegas. Santamarta's research focuses on the vulnerability of the ground stations that are used to jack into our global network of satellite-based communications.

According to a preview of Santamarta's talk on the Black Hat website, his team used the same devices often used to access satellite communications networks for air and sea travel and "found that 100 percent of the devices could be abused."

The vulnerabilities exposed could allow remote, unauthorized users to gain access to systems we really don't want unauthorized users going anywhere near. And exploiting these faults can be disturbingly simple.

"In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it."

And you thought last year's news of high-tech toilets getting hacked was bad.

Most terrifying to the average air traveler is the notion that a hacker could theoretically use in-flight Wi-Fi or another entertainment system to hack into the plane's avionics equipment and interfere with navigation or safety systems.

"These devices are wide open. The goal of this talk is to help change that situation," Santamarta told Reuters.

The good news is that so far the hacks have only been simulated in the lab. And he told Reuters that they might be hard to duplicate in the real world. Manufacturers of satellite communications equipment have so far responded that the risk of equipment being compromised is minimal.

Santamarta says he will respond in his talk scheduled for Thursday.

This puts us in that worrying position where a new vulnerability has been exposed to the world, bad actors and do-gooders alike. So now the race is on between companies looking to patch or fix these vulnerabilities (if they exist as described) and hackers possibly looking to make a name for themselves trying the exploit in the real world.

Or perhaps we can just tell ourselves that this Santamarta guy probably isn't nearly as smart as he appears so we can all rest a little easier on our next transcontinental flight. He seems pretty smart, though. We shall see later this week.