What happens after a security researcher goes public with vulnerabilities he discovered in airplane in-flight entertainment systems and then goes a step further by suggesting that it is theoretically possible for hackers to control some of those systems? High drama.
IOActive security researcher Ruben Santamarta said he discovered several security flaws – SQL injection (video), a credit card check bypass (video) and arbitrary file access (video) – in Panasonic Avionics’ in-flight entertainment (IFE) systems. Panasonic’s systems are used by several airlines such as American Airlines, United and Virgin, based on publicly available firmware updates he found after some searching. Santamarta does “not believe these systems can resist solid attacks from skilled malicious actors.”