1. Computing

Researchers find way to hack Panasonic’s in-flight entertainment systems

By

researchers hack panasonic in flight avionics
Panasonic Avionics
Researchers working for the cybersecurity consultancy group IOActive discovered some troubling vulnerabilities in Panasonic Avionics’ in-flight entertainment systems. The company’s avionics subsidiary supplies hardware to 13 different airlines: Aerolineas Argentinas, Air France, American Airlines, Emirates, Etihad Airways, Finnair, Iberia, KLM, Qatar Airways, Scandinavian Airlines, Singapore Airlines, United Airlines, and Virgin America.

“I discovered I could access debug codes directly from a Panasonic in-flight display,” IOActive’s Ruben Santamarta said in a statement. “A subsequent internet search allowed me to discover hundreds of publicly available firmware updates for multiple major airlines, which was quite alarming.”

Santamarta performed further analysis in an attempt to find out what hackers could accomplish by interfering with an avionics device. He found it was possible to manipulate what was being displayed on the screen, to send out fake announcements over the PA system, and to control cabin lights and the reclining seats in the first-class section of the plane. There was also evidence that credit card details belonging to frequent flyers and VIP members could be stolen in this manner.

However, all of these attacks would pale in comparison to the potential for criminals to take control of the aircraft itself. Fortunately, this is impossible in most circumstances, according to a report from Tech Spot.

Most airlines keep the aircraft control domain physically isolated from the passenger entertainment domain, which means that there is no way to use in-flight entertainment hardware to interfere with the vessel’s controls. However, Santamarta states this is not always the case and urges airlines to be “incredibly vigilant” about this kind of threat.

IOActive reported these security flaws to Panasonic in March 2015 and has waited until now to release the information to the public so that the company would have time to make improvements. This is not the first time that the consultancy firm has shed light on a potential security breach — it played a key role in publicizing the high-profile Jeep hacking risk that led to a major recall in 2015.

Editors' Recommendations

The best mobile credit card readers for small businesses in 2020

mobile-pay-feature-image

Forget AR glasses. Augmented reality is headed to your windshield

envisics ar windshield technology dashboard navigation 01

The most common Nintendo Switch problems, and how to fix them

how to set up two-factor authentication for your Nintendo Account

15 awesome flying taxis and cars currently in development

Porsche Boeing flying taxi

Should you overclock your CPU?

digital storm bolt ii cpu fans

How to convert VHS to DVD, Blu-ray, or digital

VHS tape lifestyle DVD burner combo deck

Here’s how to give a Steam game as a gift

Got an NES Classic? Here’s how to hack it to play more than 700 games

How to make a video game

How to stream on Twitch from a PC, Mac, PlayStation 4, or Xbox One

The best desktop monitor deals for October 2020

Dell UltraSharp 27 4K PremierColor Monitor

Dell Small Business Black Friday Sneak Peek: The best deals

dell vostro 14 5490 small business laptops

How to make a Discord bot

how to make a discord bot connect to discord

We tested the IdeaPad Slim 7 with Intel and AMD CPUs, and found a clear winner

The best iPad keyboards for 2020