Aircraft Warning Lights Used By Planes to Avoid Obstacles Found Exposed to The Open Internet

Aircraft warning lights are obviously an important part of aviation since they facilitate the airplanes in tracking obstacles. A slight glitch with these lights may lead to catastrophic disasters. Recently, a researcher discovered vulnerabilities with these aircraft warning lights that could allow hackers to access the control systems.

Aircraft Warning Lights Vulnerabilities

Israeli researcher Amitay Dan found systems exposed to the internet. Therefore potentially making it possible for an attacker to access the systems and manipulate the settings.

As he told Motherboard,

I was thinking that this is something that can impact directly [lives] of people, by interfering with air traffic.

He caught 46 light panels installed at various locations exposed online. Some of these include the installations in Baltimore; Tuscola, Illinois; Decatur, Texas; and Ontario, Canada, for various lighting various structures such as cell phone towers.

Patches Rolled Out

Upon discovering the bugs, the researcher informed the Federal Aviation Administration (FAA) of the matter. In response, the FAA acknowledged the bug threatened aviation systems.

It appears that this vulnerability allows users to access the control panel of the Obstruction Light Control system, and provides controls to change the intensity of the light fixtures, turn them on, and turn them off.

Furthermore, he also reported the vulnerabilities to the obstruction lights manufacturer Dialight. According to their statement shared with Motherboard,

Dialight can confirm that we have been made aware of the issue of certain customers not using our tower monitoring hardware within their secure networks by the FAA. This is an isolated situation affecting only the tower monitoring system.

Consequently, the makers addressed the vulnerabilities across all systems.

At this time, we can report that the issue is contained. We have notified these customers and helped guide them on properly securing their systems.

The FAA also confirmed additional steps from Dialight,

They have also implemented security credentials for all new products so that [the] problem does not happen again.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil