pa2a.org


Share Thread:  
Total Design failure an ineptitude
#1
Hacker Claims He Can Hijack Any Airplane Using a Mobile App

http://www.cnbc.com/id/100634217

Quote: According to a report from Computerworld, Hugo Teso—a security consultant at the German security firm n.runs—showed how anyone with some basic knowledge and the right devices can take complete control over an aircraft from a remote location without ever having contact with the targeted plane.

(Read More: How to Protect Your Devices From New Hack Threat )

Basically, critical security vulnerabilities in aircraft communication and tracking systems make hacking planes quite simple.

The Automated Dependent Surveillance-Broadcast (ADS-B)—the surveillance technology aircraft use for tracking—and the Aircraft Communications Addressing and Reporting System (ACARS), which is the technology used to exchange messages between aircraft and ground stations via radio or satellite, have no encryption, meaning they are open for exploitation.

If this is true, this is very scary. In today's world there is no fucking reason to not be using secure communications other that the designers are complete and total idiots.
Reply
#2
Another article: http://blogs.computerworld.com/cybercrim...k-airplane
Reply
#3
Insert epic facepalm. Confused
“Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.”

William Pitt
Reply
#4
Oh please fly them into the capital building and the white house if you're going to do this. Lots at the same time they are heavily armored. Gonna suck for the innocents but if youre going to kill innocent people make sure you at least take out the enemy...
Reply
#5
If it was that easy, it would have been done already.
Vampire pig man since September 2012
Reply
#6
Camper;95200 Wrote:If it was that easy, it would have been done already.

It isn't that it's easy, as it still does require knowledge of the systems and the hardware would need to be found. Most control systems that use PLC's have no security in place to authenticate to the device, nor is the communications protocol encrypted. They rely completely upon third party devices to keep them protected. But since this is communicating via RF, it's a failure on the engineer's part to not have included encryption in the control protocol.

It's only in the past few years that there's been a push to start adding security to these types of devices, but it's a slow adoption by all the industries that use them because of the expense involved in replacing them. Companies buy control systems to last 20 to 30 years before replacement so just pulling the gear out because what is perceived by management as a "small flaw" just doesn't seem reasonable.

I guess we'll see how quickly this problem actually gets fixed. I'm sure the first time squadrons of ghost planes appear at Dulles ATC a law will quickly be passed making it illegal to make squadrons of ghost planes appear, and the problem will be "solved".
Reply
#7
streaker69;95245 Wrote:I guess we'll see how quickly this problem actually gets fixed. I'm sure the first time squadrons of ghost planes appear at Dulles ATC a law will quickly be passed making it illegal to make squadrons of ghost planes appear, and the problem will be "solved".

Once and for all!
TheWolff, proud to be a member of pa2a.org since Sep 2012.
Reply
#8
Kind of along the lines of what I mentioned about control systems.

http://baltimore.cbslocal.com/2013/04/27...unty-jail/

Quote:Wallenstein says the cell door locks also disengaged Tuesday. Officials are trying to determine the source of the problem in the electronic system. The doors are guided by computer programs and correctional officers.

It has been discussed in some of the hacking circles about attacking the prison control systems. It wouldn't surprise me to find out that many prisons are using PLC's to control the door locks, and depending upon which type of PLC they're using they're possibly quite insecure. Obviously the best practice would be that these system to be isolated from the world, but that doesn't happen all the time. All it could take to give access to these systems to the world would be someone connecting the wrong network switch to the wrong port.

The Captain Obvious Award goes to:

Quote:Wallenstein says any security door opening unexpectedly is a major security problem.
Reply






Possibly Related Threads...
Thread Author Replies Views Last Post
  Peters Ralph Calls Obama a ‘Total Pussy’ on Live Television das 8 2,789 12-12-2015, 04:38 PM
Last Post: 39Flathead
  More TSA Failure streaker69 4 887 02-08-2013, 07:46 PM
Last Post: panopticonisi
  Texas Middle School Students Being Asked To Design Flags For A “New Socialist Nation” middlefinger 5 825 02-05-2013, 12:03 PM
Last Post: spblademaker



Users browsing this thread: 1 Guest(s)

Software by MyBB, © 2002-2015 MyBB Group.
Template by Modogodo Design.