Incident: In-flight Entertainment Systems Vulnerable to Cyber Attacks on Aircraft.

Published Date: 2014-08-05

Postmortem Analysis
Timeline 1. The software failure incident happened in August 2014 [Article 29208] 2. The software failure incident happened in March 2015 [Article 34374]
System 1. In-flight entertainment systems on commercial, business, private, and military aircraft, specifically on Panasonic and Thales installations [34374, 34374] 2. Satellite Data Unit (SATCOM) equipment on aircraft, including vulnerabilities in SATCOM technologies manufactured by various companies such as Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc, and Japan Radio Co Ltd [34374, 29208] 3. Avionics systems on aircraft, potentially allowing access to critical flight environments and control interfaces [34374]
Responsible Organization 1. Hackers were responsible for causing the software failure incident by exploiting vulnerabilities in the in-flight entertainment and satellite communications systems of planes [34374, 29208].
Impacted Organization 1. Commercial and military planes, including business, private, and military aircraft, were impacted by the software failure incident due to vulnerabilities in the in-flight entertainment and satellite communications systems [34374, 29208]. 2. Aviation communications companies like Hughes Communications were also involved in the incident as they were contacted for comments regarding the vulnerabilities in the SATCOM technologies [34374].
Software Causes 1. Vulnerabilities in the in-flight entertainment systems and satellite communications systems of planes, allowing hackers to potentially gain control of the cockpit and critical flight environments [34374, 29208] 2. Weak encryption algorithms, insecure protocols, and hardcoded login credentials in the SATCOM technologies used by aviation communications companies, making the systems vulnerable to hacking [34374, 29208]
Non-software Causes 1. Lack of proper security measures in the in-flight entertainment and satellite communications systems of planes, making them vulnerable to hacking attempts [34374, 29208] 2. Use of hardcoded login credentials in the equipment from multiple manufacturers, allowing unauthorized access to critical systems [29208]
Impacts 1. The software failure incident exposed vulnerabilities in the in-flight entertainment and satellite communications systems of commercial, private, and military aircraft, potentially allowing hackers to gain control of critical systems and create chaos in the skies [34374, 29208]. 2. The incident raised concerns about the ability of hackers to remotely take control of aircraft systems, intercept, manipulate, or block communications, and potentially access avionics systems [34374, 29208]. 3. The vulnerabilities discovered in the software systems could lead to unauthorized access to the Satellite Data Unit and other critical flight environments, posing a risk to the safety and security of aviation operations [34374]. 4. The incident prompted discussions among international aviation organizations to enhance cooperation and improve cyber security capabilities in the aviation industry [34374]. 5. The software failure incident highlighted weaknesses in the security controls of aviation systems, potentially threatening the safe and uninterrupted operation of the national airspace system [34374]. 6. The incident led to increased scrutiny of the Federal Aviation Administration (FAA) for its own cyber security issues, as identified in the "Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems" report [34374].
Preventions 1. Implementing strong encryption algorithms and secure protocols in SATCOM technologies to prevent unauthorized access [34374]. 2. Regularly updating and patching the firmware used in satellite communications equipment to fix vulnerabilities like hardcoded login credentials [29208]. 3. Conducting thorough security assessments and penetration testing on hardware and software systems to identify and address potential weaknesses [34374]. 4. Enhancing collaboration and information sharing among aviation organizations to improve cyber security capabilities [34374]. 5. Taking proactive measures to address security flaws identified by security researchers and experts [29208]. 6. Ensuring strict access control measures to prevent unauthorized physical access to critical aviation systems [29208].
Fixes 1. Implementing patches or updates to address the vulnerabilities in the in-flight entertainment and satellite communications systems discovered by security researchers like Ruben Santamarta and Chris Roberts [34374, 29208]. 2. Strengthening encryption algorithms and protocols in SATCOM technologies to prevent unauthorized access and manipulation of communications [34374]. 3. Addressing hardcoded login credentials in equipment firmware to prevent hackers from accessing sensitive systems [29208]. 4. Enhancing security measures in aviation communication systems to prevent cyber attacks through Wi-Fi and entertainment systems [29208]. 5. Collaborating with private analysts and industry partners to actively share information and improve cyber security capabilities in the aviation sector [34374]. 6. Conducting thorough security assessments, penetration testing, and reverse engineering to identify and mitigate vulnerabilities in hardware and software used in aviation systems [34374, 29208].
References 1. Chris Roberts, founder of OneWorldLabs [34374] 2. Ruben Santamarta, principal security consultant for IOActive [34374, 29208] 3. Aviation security analyst who shared findings with FoxNews.com [34374] 4. Judy Blake, spokeswoman for Hughes Communications [34374] 5. Department of Homeland Security spokesman S.Y. Lee [34374] 6. John Harrison, senior analyst at Cyberpoint [34374] 7. Government Accountability Office [34374] 8. Representatives from companies including Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc, and Japan Radio Co Ltd [29208]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to vulnerabilities in in-flight entertainment and satellite communications systems has happened again at the same organization. Security researcher Ruben Santamarta discovered vulnerabilities in the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems [29208]. Similarly, Chris Roberts, founder of OneWorldLabs, also identified susceptibilities in the system passengers use to watch television at their seats and shared his findings with the federal government [34374]. (b) The software failure incident related to vulnerabilities in in-flight entertainment and satellite communications systems has also happened at multiple organizations. The vulnerabilities were found in SATCOM technologies manufactured by some of the world's largest companies, as highlighted by Ruben Santamarta [34374]. Additionally, the research by Santamarta and Roberts showed that the vulnerabilities exist within the In-Flight Entertainment systems on both Panasonic and Thales installations, the two main providers of these systems across a wide variety of planes [34374].
Phase (Design/Operation) design, operation (a) The articles highlight a software failure incident related to the design phase. Security researchers Ruben Santamarta and Chris Roberts discovered vulnerabilities in the in-flight entertainment and satellite communications systems of planes, which could potentially allow hackers to gain control of critical systems on aircraft [34374, 29208]. These vulnerabilities were identified through reverse engineering of firmware used to operate communications equipment, indicating flaws introduced during the design and development phases of the systems. The use of weak encryption algorithms, insecure protocols, and hardcoded login credentials were among the design flaws that could be exploited by hackers to compromise the safety and navigation systems of planes. (b) Additionally, the articles suggest a software failure incident related to the operation phase. The vulnerabilities discovered by Santamarta and Roberts could be exploited through the operation of the in-flight entertainment systems and Wi-Fi networks on planes [34374, 29208]. If successfully hacked, these systems could potentially disrupt or modify satellite communications, interfering with the aircraft's navigation and safety systems. This indicates that the operation or misuse of the systems, such as unauthorized access through Wi-Fi signals, could lead to critical failures in the aircraft's communication and control systems.
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident reported in the articles is related to vulnerabilities within the in-flight entertainment and satellite communications systems of planes. Security researchers like Ruben Santamarta and Chris Roberts discovered weaknesses in these systems that could allow hackers to gain privileged access to critical equipment on aircraft, potentially leading to the ability to intercept, manipulate, or block communications, and even remotely take control of the physical devices [34374, 29208]. These vulnerabilities were found to exist in the SATCOM technologies manufactured by major companies, indicating flaws within the systems themselves that could be exploited by hackers [34374]. (b) outside_system: The software failure incident also involves contributing factors originating from outside the system, such as the actions of hackers or cyber attackers who exploit the vulnerabilities within the in-flight entertainment and satellite communications systems. The hackers could potentially use a plane's onboard Wi-Fi signal or inflight entertainment system to hack into its avionics equipment, disrupting or modifying satellite communications and interfering with the aircraft's navigation and safety systems [29208]. The vulnerabilities discovered by the security researchers highlight the external threat posed by hackers who could exploit weaknesses in the systems from outside the aircraft.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: - The articles discuss vulnerabilities in the in-flight entertainment and satellite communications systems of planes that could potentially be exploited by hackers without human participation [34374, 29208]. - Security researcher Ruben Santamarta discovered vulnerabilities in the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems, which could allow hackers to disrupt or modify satellite communications without human involvement [29208]. - The vulnerabilities were found in the firmware used to operate communications equipment made by various companies, allowing potential access to critical systems on the aircraft [29208]. (b) The software failure incident occurring due to human actions: - The articles mention that security researchers like Chris Roberts and Ruben Santamarta discovered vulnerabilities in the in-flight entertainment and satellite communications systems, which could be exploited by hackers through human actions such as reverse engineering and decoding specialized software [34374, 29208]. - The use of hardcoded login credentials in the equipment from various manufacturers was highlighted as a vulnerability that could be exploited by hackers through human actions to access sensitive systems [29208]. - The researchers decided to go public with their findings to encourage manufacturers to fix the security flaws, indicating a proactive human action in response to the identified vulnerabilities [29208].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The articles discuss vulnerabilities in satellite communications equipment used on aircraft, which could be exploited by hackers through Wi-Fi and inflight entertainment systems [29208]. - The vulnerabilities include the use of 'hardcoded' log-in credentials in the equipment from various manufacturers, allowing unauthorized access to critical systems [29208]. (b) The software failure incident occurring due to software: - The software failure incident is primarily related to software vulnerabilities in the in-flight entertainment systems and satellite communications systems on aircraft, which could be exploited by hackers to gain control of the systems [34374, 29208]. - The vulnerabilities in the software systems could potentially allow hackers to intercept, manipulate, block communications, and even remotely take control of the physical devices on the aircraft [34374]. - The flaws in the software systems could lead to unauthorized access to the Satellite Data Unit and other critical systems on the aircraft, posing significant risks to aviation security [34374]. - The software vulnerabilities identified by security researchers could allow hackers to disrupt or modify satellite communications, interfering with the aircraft's navigation and safety systems [29208].
Objective (Malicious/Non-malicious) malicious (a) The objective of the software failure incident was malicious, as it involved vulnerabilities discovered by security researchers that could potentially allow hackers to gain control of aircraft systems through the in-flight entertainment and satellite communications systems. The vulnerabilities could be exploited by hackers to intercept, manipulate, block communications, and even remotely take control of the physical devices, posing a serious threat to aviation security [34374, 29208]. The security researchers highlighted these vulnerabilities to encourage manufacturers to address the risky security flaws in the systems. (b) The software failure incident was non-malicious in the sense that the vulnerabilities were discovered by security researchers through reverse engineering and controlled testing in laboratory environments. The researchers aimed to raise awareness about the security flaws and prompt manufacturers to fix the vulnerabilities to prevent potential cyber attacks on aircraft systems. The researchers acknowledged that their hacks were tested in controlled environments and might be difficult to replicate in the real world [29208].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The intent of the software failure incident related to poor decisions can be seen in the articles. The vulnerabilities in the in-flight entertainment and satellite communications systems were discovered by security researchers like Chris Roberts and Ruben Santamarta [34374, 29208]. These vulnerabilities allowed hackers to potentially gain control of the aircraft's systems, intercept communications, and even remotely take control of the physical device. Despite these serious risks, the response from airplane manufacturers and companies providing the systems was lacking. Chris Roberts mentioned that most companies did not engage in any meaningful manner to address the identified issues [34374]. (b) The intent of the software failure incident related to accidental decisions or mistakes is evident in the articles as well. The vulnerabilities in the systems were not intentional but were discovered through reverse engineering and research conducted by security analysts like Ruben Santamarta [34374, 29208]. These vulnerabilities were not deliberately introduced but existed due to flaws in the design and implementation of the systems. Additionally, the hardcoded login credentials found in the equipment from multiple manufacturers were a result of poor security practices rather than intentional actions [29208].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident occurring due to development incompetence: - The articles highlight vulnerabilities in the in-flight entertainment and satellite communications systems of planes, which could potentially be exploited by hackers to take control of the aircraft systems [34374, 29208]. - Security researchers like Ruben Santamarta and Chris Roberts discovered flaws in the systems that could allow unauthorized access and control of critical components of the aircraft [34374, 29208]. - The vulnerabilities were attributed to weak encryption algorithms, insecure protocols, and hardcoded login credentials in the SATCOM technologies used by major aviation communications companies [34374, 29208]. - Despite the researchers sharing their findings with the federal government and aviation companies, there was a lack of meaningful engagement to address the identified issues, indicating a potential lack of response to the reported vulnerabilities [34374]. (b) The software failure incident occurring accidentally: - The vulnerabilities in the aircraft systems were discovered through reverse engineering and controlled testing in laboratory environments by security researchers like Ruben Santamarta [29208]. - The researchers acknowledged that their hacks were tested in controlled settings and might be difficult to replicate in the real world, suggesting that the vulnerabilities were not intentionally introduced but rather discovered through research efforts [29208]. - Representatives from companies like Cobham, Harris, Hughes, and Iridium downplayed the risks associated with the vulnerabilities, indicating that they may not have intentionally introduced these weaknesses but were made aware of them through external research [29208].
Duration permanent, temporary From the provided articles, the software failure incident related to the vulnerability in the in-flight entertainment and satellite communications systems on planes can be categorized as both permanent and temporary: (a) Permanent Failure: - The vulnerabilities in the in-flight entertainment and satellite communications systems, as highlighted by security researchers like Ruben Santamarta and Chris Roberts, represent a permanent failure as these flaws are inherent in the systems and can potentially be exploited by hackers indefinitely [34374, 29208]. - The hardcoded login credentials and other vulnerabilities identified in the firmware of the communication equipment indicate a permanent failure that could persist unless addressed by the manufacturers [29208]. (b) Temporary Failure: - The temporary aspect of the failure can be seen in the sense that the vulnerabilities were discovered by researchers like Ruben Santamarta and Chris Roberts, and there is a window of opportunity for these issues to be addressed and patched by the manufacturers to mitigate the risks [34374, 29208]. - The fact that the vulnerabilities were identified in controlled environments and have not been confirmed to be practically exploitable in the real world suggests a temporary nature of the failure until further exploitation or mitigation measures are taken [29208].
Behaviour crash, omission, value, other (a) crash: The articles describe potential vulnerabilities in the in-flight entertainment and satellite communications systems that could allow hackers to potentially take control of the aircraft's systems, including the ability to turn off engines at 35,000 feet without alerting the cockpit [34374]. This type of failure could lead to a system crash where the software loses its state and fails to perform its intended functions. (b) omission: The articles mention that a hacker could potentially hack into the avionics equipment through the onboard Wi-Fi signal or inflight entertainment system, which could disrupt or modify satellite communications, interfering with the aircraft's navigation and safety systems [29208]. This indicates a potential omission failure where the system omits to perform its intended functions at instances. (c) timing: There is no specific mention of a timing-related failure in the articles. (d) value: The articles discuss vulnerabilities in the satellite communications equipment that could allow hackers to access critical systems relying on satellite communications for navigation and safety [29208]. If exploited, this could lead to the system performing its intended functions incorrectly, indicating a value failure. (e) byzantine: The articles do not explicitly mention a byzantine behavior of the software failure incident. (f) other: The behavior of the software failure incident described in the articles includes potential unauthorized access to critical systems, interception, manipulation, blocking of communications, and the ability to remotely take control of physical devices [34374]. This could be categorized as an "unauthorized access" behavior in addition to the mentioned options.

IoT System Layer

Layer Option Rationale
Perception sensor, actuator, processing_unit, network_communication, embedded_software (a) sensor: Failure due to contributing factors introduced by sensor error - The vulnerability in the satellite communications systems on planes was discovered by Ruben Santamarta, who found a backdoor that allowed privileged access to the Satellite Data Unit, a critical piece of SATCOM equipment on aircraft [34374]. - Santamarta discovered vulnerabilities in the firmware used to operate communications equipment made by various companies, including Cobham Plc, Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc, and Japan Radio Co Ltd [29208]. (b) actuator: Failure due to contributing factors introduced by actuator error - The vulnerabilities discovered by Ruben Santamarta could potentially allow a malicious actor to intercept, manipulate, or block communications, and in some cases, remotely take control of the physical device, which could impact the actuator systems on the aircraft [34374]. - Santamarta's research detailed multiple bugs in firmware used in satellite communications equipment, including aerospace applications, which could potentially affect actuator systems [29208]. (c) processing_unit: Failure due to contributing factors introduced by processing error - The vulnerabilities in the satellite communications systems could potentially allow a hacker to gain access to the avionics systems, monitor and influence control interfaces, and other critical flight environments, which could involve the processing units on the aircraft [34374]. - Santamarta's research focused on vulnerabilities in the firmware used in satellite communications equipment, which could impact the processing units on the aircraft [29208]. (d) network_communication: Failure due to contributing factors introduced by network communication error - The vulnerabilities discovered by Ruben Santamarta could allow a hacker to intercept, manipulate, or block communications, potentially affecting network communication systems on the aircraft [34374]. - Santamarta's research highlighted vulnerabilities in satellite communications equipment that could disrupt or modify satellite communications, impacting network communication systems on the aircraft [29208]. (e) embedded_software: Failure due to contributing factors introduced by embedded software error - The vulnerabilities in the satellite communications systems were related to flaws in the in-flight entertainment systems, which could be exploited by hackers to gain access to other areas of the plane's network, potentially involving embedded software vulnerabilities [34374]. - Santamarta's research focused on vulnerabilities in the firmware used in satellite communications equipment, which could be related to embedded software errors [29208].
Communication link_level The software failure incident reported in the articles is related to the communication layer of the cyber physical system that failed at the link_level. The vulnerabilities discovered by security researchers Ruben Santamarta and Chris Roberts highlight weaknesses in the in-flight entertainment systems and satellite communications equipment on aircraft, which could be exploited by hackers to gain control over the systems and potentially disrupt or modify satellite communications, interfering with the aircraft's navigation and safety systems [34374, 29208]. These vulnerabilities involve flaws in the physical layer of communication systems, such as the use of hardcoded login credentials in the firmware of the equipment, allowing unauthorized access to critical systems [29208].
Application TRUE The software failure incident reported in the articles was related to the application layer of the cyber physical system. This failure was due to vulnerabilities in the in-flight entertainment systems and satellite communications equipment that could be exploited by hackers to potentially disrupt or modify satellite communications, interfere with navigation and safety systems, and even gain control of the physical devices remotely [34374, 29208]. These vulnerabilities were discovered by security researchers Ruben Santamarta and Chris Roberts through reverse engineering and testing in controlled environments, highlighting the risks posed by flaws in the application layer of the systems.

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence, other (a) death: People lost their lives due to the software failure - There is no direct mention of people losing their lives due to the software failure incident in the articles [34374, 29208]. (b) harm: People were physically harmed due to the software failure - There is no specific mention of people being physically harmed due to the software failure incident in the articles [34374, 29208]. (c) basic: People's access to food or shelter was impacted because of the software failure - There is no information about people's access to food or shelter being impacted by the software failure incident in the articles [34374, 29208]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident could potentially impact the safety and operation of aircraft, which could indirectly impact people's property if an incident were to occur [34374, 29208]. (e) delay: People had to postpone an activity due to the software failure - There is no mention of people having to postpone an activity due to the software failure incident in the articles [34374, 29208]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident primarily focuses on the vulnerability of aircraft systems to cyber attacks, potentially impacting the safety and operation of the aircraft [34374, 29208]. (g) no_consequence: There were no real observed consequences of the software failure - The articles discuss potential vulnerabilities in aircraft systems due to software flaws, but there is no direct mention of real observed consequences resulting from the software failure incident [34374, 29208]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss theoretical consequences of the software failure incident, such as the potential for hackers to gain control of aircraft systems through vulnerabilities in in-flight entertainment and satellite communication systems [34374, 29208]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The articles primarily focus on the potential risks and vulnerabilities posed by the software failure incident, highlighting the need for manufacturers to address security flaws to prevent potential cyber attacks on aircraft systems [34374, 29208].
Domain transportation, finance (a) The failed system was related to the transportation industry, specifically affecting commercial, private, and military aircraft. The vulnerabilities were found in the in-flight entertainment and satellite communications systems of planes, which could potentially be exploited by hackers to gain control of the aircraft's systems and communications [34374, 29208]. (h) The failed system also has implications for the finance industry, as it involves the security and integrity of communications utilizing equipment and services provided by companies like Hughes Communications. The vulnerabilities discovered by researchers could potentially allow malicious actors to intercept, manipulate, or block communications, posing a risk to financial transactions and operations [34374]. (m) The incident is also relevant to the cybersecurity industry, as it highlights the vulnerabilities in satellite communications equipment used in aerospace, military, maritime transportation, energy, and communications sectors. The research conducted by Ruben Santamarta focused on identifying bugs in firmware used in satellite communications equipment across various industries, emphasizing the broader impact of such vulnerabilities beyond just aviation [29208].

Sources

Back to List