Want to hack an inflight entertainment system? Panasonic Avionics, the industry leader in embedded IFE systems is inviting “white hat” hackers to probe for vulnerabilities in its platforms at the DefCon conference this week in Las Vegas. The effort is being coordinated by HackerOne, a bug bounty platform that connects ethical hackers with businesses to find system holes and patch them before they can be exploited.
While Panasonic Avionics already makes significant system security investments internally, Michael Dierickx, the firm’s director of security engineering and information security officer, describes the HackerOne partnership as a useful exercise, saying:
[T]hese teams bring a fresh perspective and innovative ways to search for potential issues. We want to harness this out-of-the-box thinking and create a win-win scenario that rewards both Panasonic and [the white hat] community.
In the past, airframers and IFE stakeholders have been loathe to say definitively that their systems cannot be hacked because doing so may have the undesired effect of further challenging black hat hackers.
Though Panasonic believes its products are secure, the company wants to be more vocal in the industry about security challenges, and how it mitigates them. RGN understands that this HackerOne partnership is one of several efforts expected from the company in the coming months on that front.
It was more than a year ago that white hat hacker Chris Roberts claimed to have hacked the inflight entertainment system on a United Airlines flight, touching off a storm of speculation and disputes as to whether what he claimed was possible and, if so, significant. The news was covered broadly enough that it raised the stakes for all IFE vendors. By engaging more in the public sphere on this topic Panasonic hopes to actively demonstrate the security of its systems and also ensure that the discourse around such security is handled in an informed manner.