IOActive, which found these vulnerabilities, said it is working with manufacturers to strengthen the device’s ability to withstand attacks.
“The consequences of these vulnerabilities are shocking,” IOActive’s Ruben Santamarta said in a statement. Details about the vulnerability were announced at the Black Hat Security Conference in Las Vegas on Thursday.
Santamarta said that the most vulnerable equipment is used on commercial aircraft. He said that some of the security vulnerabilities affecting the aircraft required the attacker to be on the plane himself, but he also found hundreds of vulnerable devices that could be accessed remotely over the Internet.
However, none of them could allow an attacker to access an avionics system that controls flight. Santamarta also said that other security holes were also found in the satellite ground stations on board and at US military bases.
He said that in a ship system, it is highly likely that an attacker will gain control of the satellite receiver, enabling eavesdropping or destroying the antenna by increasing the power output of the antenna.
Santamarta said that he obtained the right to use the satellite communication system through the back door in the control code. It clearly states that this backdoor is not maliciously inserted, but may be added during the software development process.
IOActive said it delayed the details of the results of the announcement and the manufacturer took action to eliminate the vulnerabilities.
It is reported that as early as 2014, Santamarta began to research, and discovered potential problems in satellite communication systems and equipment.