Why nominated: Dani Martínez proved to be a self-starter. Beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez dove right in and began a cybersecurity blog where he not only showcased his work, but was able to display his hacking skills. This bit of self-promotion paid off as he was soon recruited by a security firm and he moved over to being a security auditor and pen tester.
Profile: Martínez spent the early part of 2018 conducting research on mobile applications used by airlines to manage cabin controls and in-flight entertainment systems and in doing so, he made some important discoveries.
He found many airlines implement control systems that can be managed from mobile devices owned by crew members and/or passengers to manage cabin capabilities, such as cabin temperature, light intensity and much more. He determined that if an attacker downloads a Cabin Management System application and connects to the plane’s WiFi, the attacker can create a number of dangerous and disruptive situations.
Martínez also discovered two major vulnerabilities in airlines’ cabin control applications that an attacker could use to exploit critical airplane controls and other connected devices. For example, if attackers gain access to the plane’s network, they could send malicious information to the server and then can connect to the phones of other users. Additionally, an attacker could connect to real aircraft access points and force devices that are connected to the network to get a new configuration file. This could lead to dangerous situations such as creating discomfort and potential chaos onboard an in-flight aircraft by altering the temperature to a higher or lower value or modifying light intensity, switching off or blinking.
What colleagues say: “I have had the pleasure of working with Daniel Martinez for over a year now. I work as his manager and I can confidently say he is an asset for our team, both from a technical and personal perspective. Before he joined IOActive, we had been following closely his activity as he seemed to be a perfect fit for our organiz ation. Once we managed to attract him to work for IOActive, we immediately realized we were right.” – Alfredo Pironti, Associate Director of Services, IOActive