Collins Aerospace: Sending text messages to the cockpit with test:test
6 months ago
- #RTX
- #vulnerability
- #cybersecurity
- RTX Corporation and Department of Defense Cyber Crime Center were informed on September 21, 2025.
- Login to ARINC OpCenter Message Browser was possible using credentials test:test, posing as U.S. Navy Fleet Logistics Support Wing.
- The web service allowed sending text messages to the cockpit, though this was not tested.
- Sent messages could be viewed via the service.
- RTX did not respond to the vulnerability report, and the account was subsequently disabled.