One researcher discovered one vulnerability which resulted in exposed to Internet light control panels mounted on tall buildings to view planes and avoid collisions. That means malicious hackers could be acquire access on the panels and turn off the lights.
This incident, like many others that have happened in the past, show that exposure is significant systems on the internet is a common phenomenon and brings many risks because it can be perceived by people with a bad intent.
This security issue was discovered by a researcher security by the name of Amitay Dan. He said: "I thought this is something that can have a direct impact on people's lives, since it can interfere with air traffic."
Hackers could take advantage of the vulnerability and affect the lights warning planes of obstacles. Dan found out 46 online exposure control panels.
Dan used a search engine to find exposed control systems. THE researcher sent some information to the government service Federal Aviation Administration (FAA) and the lighting systems manufacturer, Dialight.
"This vulnerability appears to allow any user to access the lighting control panel," an FAA official said. This means that anyone could to change the intensity of the lights as well as to turn them on or off.
Dan said he had warned the FAA and Dialight about the serious safety issue twice, in May and August.
The FAA had said in August that it had received reports on the security issue but it was not its responsibility to correct the issue.
However, on November 18, he sent a letter to Dan saying:
“The FAA does not generally control accessibility and safety of non-federal obstruction lighting systems, however, this vulnerability raises safety concerns and the FAA agrees that it must be corrected. "
In the letter, it was also mentioned that the FAA was pushing Dialight further, which recruited a team specialists to deal with the problem.
"They have also implemented security credentials for all new products so that the same problem does not occur again," the letter said. Later, Dialight itself sent a letter to Dan confirming that the security issue had been fixed.
A Dialight spokesman said the company was informed of the issue and was working to correct it. Also, everyone was notified customers affected.