My Thoughts on Technology and Jamaica: Cybersecurity Researcher Ruben Santamarta says In-Flight Wi-Fi can hack Airplanes - How Malaysian MH17 shot down over Ukraine may be Secret Service Related

Sunday, August 24, 2014

Cybersecurity Researcher Ruben Santamarta says In-Flight Wi-Fi can hack Airplanes - How Malaysian MH17 shot down over Ukraine may be Secret Service Related

“These devices are wide open. The goal of this talk is to help change that situation”

Cyber Security firm IOActive researcher Ruben Santamarta explaining his work on Airplane Hacking to Reuters

Airplanes are not safe, even from hackers.

So says Cyber security researcher Ruben Santamarta, a 32 year old Consultant with Cyber security firm IOActive. In a 25 page report submitted at the Black Hat Hackers Conference in August 2014, he detailed a means by which hackers could gain control of an airplane via the in-flight Wi-Fi as stated in “Can a plane be hacked via in-flight Wi-Fi? Researcher says it's so”, published August 4, 2014 3:38 PM PDT by Eric Mack, CNET News.

His research, which he chose to make public to raise awareness on the issue, reveals that airplanes are just as easy to hack as Motor Vehicles as another pair of Security Researchers Charlie Miller and Chris Valasek revealed as explained in my blog article entitled Automotive Security Researchers tell CNN Money Vehicles are hackable - How Vehicle Entertainment Systems are hacked”. Interestingly, it’s in a similar manner, albeit it doesn’t involve plugging in an infected Apple iPhone into the iPod Dock in the cockpit, though that isn’t as hard to do as you’ll see.

Rather, Cyber security researcher Ruben Santamarta revealed that there are vulnerabilities in Communications equipment that could potentially allow remote, unauthorized access to the avionics systems via the in-flight Wi-Fi. And like Motor Vehicle Hacking, it’s dependent on different parts of the Airplane being connected to the Communications and possibly the in-Flight Entertainment via the in-Flight Wi-Fi.

His research paper focused on the following Satellite communications equipment used by the ATC (Air Traffic Controllers) that acts as a transponder and helps to identify the aircraft on Radar Screens in the ATC Tower:

1.      Cobham Plc
2.      Harris Corp
3.      EchoStar Corp's Hughes Network Systems
4.      Iridium Communications Inc
5.      Japan Radio Co Ltd

Interestingly, his findings were lab simulated at Cyber security firm IOActive and according to him, are probably very difficult to simulate in the real world using a laptop and his specialized software. It’s also very similar to how Accuvant research scientists Mr. Mathew Solnik and Mr. Marc Blanchou at BlackHat perform their Baseband Processor Attack on Blackberry as described in my blog article entitled How to Hack ANY Blackberry or Smartphone - SGP Technologies survived in the Lion’s Den as Blackphone Hack was cover for Blackberry Baseband Hack”.

Surprisingly, Cobham, Harris, Hughes and Iridium all confirmed his research as being accurate, but made a point that the hacker would have to have physical access to the equiptment inside of the cockpit in order to hack into their systems.

This is particularly true of Cobham gear, to quote Cobham spokesman Greg Caire: “In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only”.

Transponder Hacking – Transponder Identity Theft can make you a military Target

The most troubling bit of his research was the embedded Login and password access for Service Technicians as noted in “Hacker says to show passenger jets at risk of cyber attack”, published Mon Aug 4, 2014 8:09am EDT by Jim Finkle, Reuters.  

It's basically the same for all Satellite Communications equiptment made by a particular vendor and in essence, once learned by the hacker via various means, would give them unhindered access to the Communications equipment, specifically the Transponder use by ATC. This appears to be minor, as according to Hughes spokeswoman Judy Blake who claimed it meant only communications were at risk.

However, a scenario is possible where a hijacker posing as maintenance technician or even a Maintenance Technician bribed with enough money can “prepare” an aircraft to make it hackable using these common logins and password under the guise of maintenance activities. Then a hijacker’s accomplice boarding the airplane at a later time would simply use the in-flight Wi-Fi and disable the communications transponder.

Worse, he could recode it to broadcast a different identity for the aircraft, making it appear to be an aircraft it was not i.e. instead of a commercial flight, appear to be a military jet on radar. This could result in that aircraft being mistakenly shot down as it would appear on radar as a military aircraft.

In so doing, he’d kill himself, the making him the perfect Suicide bomber!

License to Kill - Malaysian MH17 shot down over Ukraine may be Secret Service Related

Certainly puts a new spin on the shooting down of the Malaysian aircraft MH17 over Ukraine as detailed in the article “MH17 Malaysia plane crash in Ukraine: What we know”, published 25 July 2014 Last updated at 08:51 GMT, BBC News.  If it can be done remotely, the hacker may not even have to be on the plane. They can use a satellite phone link to remotely change the transponder on the Malaysian flight MH17 and make it appear to be another aircraft.

Thus the Americans or some other nation with an axe to grind via such an inside job, could have hacked the aircraft with the help of a technician probably paid to do the job so as to have the transponder identify the Malaysian MH17 as a Ukrainian jet plane. This would be the perfect way to “set up” the Russians to shot down a civilian aircraft which on their radar would appears to be a Ukrainian Jet plane.

The Russians, probably realizing their mistake before announcing the hit, probably backed away quickly and claimed the attack to be the work of Russian Rebels, being as they'd logically never do such a thing. In reality, Russian Rebels would have to have gained control of the BOAR Gun for quite a long time and known when and where to fire the weapon.

Plus if it was the Russian Rebels that suggests that they had been able to contact Russian Radar station and known how to use the ground-based radar system in order to lock unto and target the Malaysian MH17 flying so high up in the sky. The precision of the hit suggests it’s most likely the work of the Russian Separatists or rogue elements within the Russian Army or even the KGB, Mossad or even the CIA, not the Russian Rebels as Russian Premier Vladimir Putin claims.

Since the Russians would be acting on what they saw on their radar screen and being unable to see the aircraft, it would be quite difficult to tell the world that they shot down a Ukrainian Jet when in fact the wreckage says otherwise. Thus someone with an axe to grind against Russia may have hacked the aircraft as I've described and made it look like a deliberate act of Russian Terrorism.

It's quite possible that this may have been what transpired to make them shoot down a civilian aircraft by mistake.

But who did it? And why set up the Russians?

I have no answers, save to say that Cyber security researcher Ruben Santamarta in-Flight Wi-Fi Hack, though difficult to implement, would be no problem to execute once the hackers cum terrorists or even Secret Service were well funded by a hostile foreign Government with a License to Kill.

No comments: