Hackers Demonstration for SQL Injection – In-Flight Entertainment System Can Hacked

By | December 21, 2016


Hackers demonstrate SQL injection vulnerability in a in-flight entertainment system. It is being used by the leading airlines, including Emirates, United, American Airlines, Virgin, and Qatar, could let hackers hijack several flight systems and even take control of the plane.

Security researchers explained in IOActive, the security vulnerabilities resides in the Panasonic Avionics In-Flight Entertainment (IFE) system used in planes run by 13 major airlines, providing a gateway for hackers which is absolutely terrifying.

Using SQL injection vulnerability hackers can get access to credit card details of passengers stored in the automatic payment system and use their frequent flyer membership details to capture personal data.

These vulnerabilities were reported to Panasonic in March last year, and the researcher waited more than a year and a half to go public, so the company had “enough time to produce and deploy patches, at least for the most prominent vulnerabilities.”

Emirates is working with Panasonic to resolve these issues and regularly update its systems. “The safety of our passengers and crew on board is a priority and will not be compromised,” Emirates said, reported the Telegraph.