14 DAY TRIAL // IOActive researcher Ruben Santamarta revealed yesterday that flaws he discovered in the Panasonic entertainment system used by 13 major airlines could allow attackers to even get control of an aircraft and interfere with the other systems on-board, including passenger displays and navigation controls.
Panasonic, however, explains in a mailed statement that all these claims are “highly misleading” and says that IOActive does nothing more than to “falsely alarm the flying public.”
The company emphasizes that such an attack is not possible, accusing the security firm of sending an “unfounded [and] unproven conclusion” to the press.
“The conclusions suggested by IOActive to the press are not based on any actual findings or facts. The implied potential impacts should be interpreted as theoretical at best, sensationalizing at worst, and absolutely not justified by any hypothetical vulnerability findings discovered by IOActive,” Panasonic told us in the statement.
“Minor” bugs already patched
Panasonic explains that the firm indeed received Santamarta’s reports in May 2015 and earlier this year, and everything was closely investigated, but aside from a few minor issues, which have already been fixed, nothing that could compromise the control of an aircraft was detected.
“IOActive, in statements to the press, inappropriately mixed a discussion of hypothetical vulnerabilities inherent to all aircraft electronics systems with specific findings regarding Panasonic’s systems, creating a highly misleading impression that Panasonic’s systems have been found to be a source of insecurity to aircraft operation,” the firm continues.
Panasonic goes on to explain that Santamarta’s research was based on an “unauthorized testing” and adds that security engineers who want to search for bugs in its systems can participate in the legitimate bug bounty program that the firm already launched and which it uses to get in touch with experts to improve the security of its products.
The firm eventually calls for IOActive to make it clear that its research doesn’t prove that hackers could use vulnerabilities in its devices to compromise aircraft systems. You can read the full statement provided by Panasonic in the box below. We’ve also contacted IOActive for a statement and will update the article when it’s released.