heise PlusAbo
Anzeige

Collins Aerospace: Weak Passwords Allowed Messages to Cockpits

Insufficient access protection at Collins Aerospace allowed messages to be sent to aircraft cockpits.

listen Print view

(Image: aapsky/Shutterstock.com)

2 min. read
Security
By

Collins Aerospace has deep-seated IT security problems. At the end of September, the service provider for various airports worldwide experienced a data breach, which the company described as ransomware that took boarding and check-in systems offline, subsequently affecting flight operations at airports in Berlin and Brussels. Now, the Chaos Computer Club (CCC) has discovered that other systems were also poorly secured, making it possible, for example, to send messages to aircraft cockpits.

The recent data leak was due to credentials from the year 2022 dates back to credentials from 2022, which have not been changed since and were leaked to the internet due to an infostealer. Even more perplexing is the access, now found by the CCC, protected with trivial credentials. Collins Aerospace operates the ARINC Opcenter, which distributes and processes messages to and from aircraft, such as operational data. This includes ACARS (Aircraft Communications Addressing and Reporting System) messages, which contain technical status data, flight plans, or delays.

Trivial Credentials for Messaging Service

The CCC was able to log into the ARINC OpCenter and subsequently the Message Browser, using the username “test” and, as IT experts will surely have guessed, the password “test.” A entry in the Wayback Machine (PDF) shows the user interface and the query of messages for a specific aircraft. The access identified the IT researchers as “US Navy Fleet Logistics Support Wing”.

With this access, sent messages could be viewed. The portal also allows sending messages to the aircraft cockpit – which the CCC explicitly did not try.

Videos by heise

The CCC analysts have contacted both Collins Aerospace's parent company, RTX Corporation, and the US Department of Defense Cyber Crime Center, informing them of the vulnerability. There was no response. However, the access has since been deactivated.

The lack of password hygiene and access security at Collins Aerospace appears to be a more far-reaching problem than the cyberattack in September suggested. This is all the more serious because the company operates a system that is used globally and extends into aircraft cockpits, such as ARINC.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten