Re: How To Hijack An Airplane With Android: Security Specialist Exposes Massive Holes In Airline Cyber Security

[Bill Terwilliger <sideshowtwig () gmail com>]

We all stand on the shoulders of those that come before us. 20 minutes into Renderman's talk, he gave credit to 
previous researchers who discovered the same issues.  And, Hugo gave credit at the end of his talk. 

That said, I was at Hugo's talk and I just listened to Renderman's talk, and I'd argue that Hugo's work was absolutely 
novel:

- Hugo built a full lab that Renderman said would be too expensive (and may have been in 2012)
- Hugo actually looked at the flight plan vector that Renderman admitted to not understanding.
- Nick Foster actually did the PoC work for Renderman's talk. Hugo went well beyond Nick's PoC in constructing the lab 
alone.
- Hugo actually found vulnerabilities in the platforms, wrote exploits, an exploit framework and an android app for 
controlling everything.  His PoC even had an "evade pilot" feature to make detection more difficult. Very well thought 
out.
- Hugo's research explained the conditions when the pilot would notice a compromise.  His experience as a pilot alone 
made the research useful. Many fewer "I don't knows" In Hugo's talk.
- Most importantly, Hugo for the first time showed us that the real purpose of "airplane mode" on a cell phone is for 
controlling the airplane. (It was funnier when he said it during his talk.) :)

--bill

On Apr 12, 2013, at 2:28 AM, Daniel Preußker <daniel () preussker net> wrote:

> I'm sorry, but you should give credit to who actually found the vuln.
>
> and it was at DefCon20.
> Here the talk:
>
> http://www.youtube.com/watch?v=CXv1j3GbgLk
>
> Please dont hype people who re-chew the work of other's, thanks.
>
> - Daniel Preussker
>
> Linux Research & Security
>
>
> Am Donnerstag, den 11.04.2013, 19:00 +0200 schrieb Jeffrey Walton <noloader () gmail com>:
> > http://www.ibtimes.com/how-hijack-airplane-android-security-specialist-exposes-massive-holes-airline-cyber-security-1186625
> >
> > German security consultant Hugo Teso exposed massive holes in aircraft
> > security when he showed at the "Hack in the Box" conference in
> > Amsterdam on Wednesday evening how to completely take over – and even
> > crash – a commercial airplane. All you need is an Android phone, a
> > radio transmitter and some knowledge about flight-management software.
> >
> > Perhaps the most frightening part is that you don’t even have to be on
> > the airplane when you hijack it. The entire attack can be done
> > remotely from the ground, so not even full-body scans at the airport
> > can prevent it.
> >
> > Turns out that the Automatic Dependent Surveillance-Broadcast, the
> > technology used to track aircrafts, is unencrypted and
> > unauthenticated. This lack of security was exposed in 2012 when
> > hackers inserted ghost airplanes into radar.
> >
> > The Aircraft Communications Addressing and Reporting System, the
> > digital system for sending short messages between aircrafts and ground
> > stations via radio, also lacks security. Teso exploited these
> > vulnerabilities for his attack.
> >
> > After purchasing a flight-management system from eBay to study flight
> > code, Teso learned how to read and send Aircraft Communications
> > Addressing and Reporting System messages. He then used a radio
> > transmitter to audit actual aircraft code, and built an Android app
> > that delivers attack messages to an airplane’s computer.
> >
> > Teso could use the app to completely commandeer the steering of a
> > Boeing jet once it goes on autopilot. The only countermeasure would be
> > for pilots to turn off autopilot. The problem, as a Computer World
> > blog post pointed out, is that even if the pilots realized the
> > steering had been hijacked, many airplanes no longer have the
> > equipment necessary for manual flying.
> >
> > The app, which Teso named PlaneSploit, could take control of almost
> > all of an airplane’s systems. He could manipulate the pilots’ lights
> > and alarms, trigger the oxygen masks to drop, and even make the
> > airplane crash.
> >
> > Using a Samsung Galaxy smartphone and some virtual airplanes, Teso
> > demonstrated live how to hack an airplane’s computer. The slides from
> > the presentation can be found here.
> >
> > [YOUTUBE Video]
> >
> > Thankfully, Teso has no plans to release PlaneSploit to the Google
> > Play Store -- not that it would be accepted; however, his presentation
> > showed that airlines need to take immediate steps to protect their
> > networks before a more malevolent hacker makes plans.
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.