A Brazilian researcher, known online as Boot Santos, has discovered a vulnerability in the LATAM Airlines entertainment system, LATAM Play.
According to Santos, the vulnerability of the software does not jeopardize the critical systems of aircraft, such as the onboard computer responsible for piloting the aircraft.
Failure is limited to a software error that allows a malicious traveler to access company laptops and mobile phones during a flight by transferring malicious software through an internal phishing procedure.
The concern is that this malware can work even after the flight, according to Santos, through another internet network. It is transmitted via the company's application, which can be downloaded from the wi-fi system of the aircraft.
LATAM Play is available for wai-fi passengers, according to Santos, all content is included in a server that can be accessed by a hacker during a flight with this vulnerability.
In a note, the airline explained this "problem" for passengers:
"The LATAM entertainment system, LATAM Play, has been used since 2014 on narrow-body aircraft that serve domestic flights and between South American countries. related application. LATAM and its suppliers, Zodiac Inflight Innovation and Gogo, are constantly testing to identify security issues, improve the system, and improve customer experience. In this case, the solution is already in the process of being developed and will be implemented throughout the fleet.
The company ensures that the LATAM Play application is limited to the onboard entertainment system and in no way compromises the safety of flight or airplane systems. LATAM Play has the same nature as other embedded entertainment systems used in companies around the world – an open network. Therefore, LATAM recommends that the same care that customers take in their daily access to public networks of hotels, airports and restaurants should also be applied to aircraft access to the network: to maintain the personal device always with tools and controls installed, such as an antivirus and strong password to unlock the device. The company always recommends installing software and applications from trusted sources, for example from the official Apple Store stores and Google Play stores".
Via – Hack