A security researcher from the security firm IOActive found security flaws in Panasonic's cabin entertainment systems. The flaws were found back in March 2015 but were not reported until now.
Through the in-seat USB ports that passengers use, attackers could steal passengers' credit-card data when they pay for Wi-Fi access or premium movies, spoof the data sent to seat-back screens, switch off lights, alter altitude readings, display bogus maps and broadcast messages over the PA system.
The vulnerabilities were found by Ruben Santamarta of security firm IOActive in the Panasonic Aero in-flight systems.
The Aero cabin entertainment system is used by many different airlines, including Virgin, Emirates, Air France, American Airlines and KLM.
However, Panasonic rejected all of IOActive's claims and said that the findings were "not based on any actual findings or facts".
"The implied potential impacts should be interpreted as theoretical at best, sensationalizing at worst, and absolutely not justified by any hypothetical vulnerability findings discovered by IOActive," said a spokesman for Panasonic Avionics Corporation.
Panasonic also claimed that it had reviewed "all of the claims made by Mr. Santamarta" and that all his concerns had been remedied.
Santamarta wrote on his blog, "So how far can an attacker go by chaining and exploiting vulnerabilities in an In-Flight Entertainment system? There’s no generic response to this, but let's try to dissect some potential general case scenarios by introducing some additional context (nonspecific to a particular company or system unless stated).
Relying exclusively on the DO-178B standard that defines Software Considerations in Airborne Systems and Equipment Certification, the IFE would technically lie within the D and E levels. Panasonic Avionics’ IFE, in particular, is certified at Level E. This basically means that even if the entire system fails, the impact would be something between no effect at all and passenger discomfort.
Also, I should mention that an aircraft's data networks are divided into four domains, depending on the kind of data they process: passenger entertainment, passenger-owned devices, airline information services, and finally aircraft control.
Physical control systems should be located in the Aircraft Control domain, which should be physically isolated from the passenger domains; however, this doesn’t always happen. Some aircraft use optical data diodes, while others rely upon electronic gateway modules. This means that as long as there is a physical path that connects both domains, we can’t disregard the potential for attack.
In-flight entertainment systems may be an attack vector. In some scenarios, such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. The ability to cross the “red line” between the passenger entertainment and owned devices domain and the aircraft control domain relies heavily on the specific devices, software, and configuration deployed on the target aircraft."
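The point of the quoted analysis is that isolation is a property of the physical path, not of the certification level. The following is an added threat-modelling example (not code from the article, IOActive or Panasonic) that models the four domains as a directed graph: an optical data diode is assumed to be a one-way link, and an electronic gateway module is assumed to pass traffic in both directions.

```python
"""Reachability check over the four aircraft network domains.

Constructed example: domain names and link topologies below are hypothetical,
not taken from any real aircraft.
"""

PED = "passenger_entertainment"
POD = "passenger_owned_devices"
AIS = "airline_information_services"
ACD = "aircraft_control"


def diode(src, dst):
    """Optical data diode: traffic only flows src -> dst (assumption)."""
    return [(src, dst)]


def gateway(a, b):
    """Electronic gateway module: modelled as a two-way link (assumption)."""
    return [(a, b), (b, a)]


def reachable_paths(links, start, target):
    """Return every simple path from start to target over the directed links."""
    adj = {}
    for s, d in links:
        adj.setdefault(s, []).append(d)
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for nxt in adj.get(node, []):
            if nxt not in path:  # simple paths only, no revisits
                walk(nxt, path + [nxt])

    walk(start, [start])
    return paths


def crosses_red_line(links):
    """True if a passenger-owned device can reach the aircraft control domain."""
    return bool(reachable_paths(links, POD, ACD))


# Topology A: control data leaves only outward through a one-way diode.
DIODE_TOPOLOGY = gateway(POD, PED) + gateway(PED, AIS) + diode(ACD, AIS)
# Topology B: the same boundary is bridged by a two-way gateway module.
GATEWAY_TOPOLOGY = gateway(POD, PED) + gateway(PED, AIS) + gateway(AIS, ACD)

if __name__ == "__main__":
    for name, topo in (("diode", DIODE_TOPOLOGY), ("gateway", GATEWAY_TOPOLOGY)):
        print(name, crosses_red_line(topo), reachable_paths(topo, POD, ACD))
```

With the diode topology the control domain still publishes data outward (altitude, maps) but no path leads back into it; replacing the diode with a gateway creates exactly one path across the "red line".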