“These devices are wide open. The goal of this talk is to help change that situation”
Cyber Security firm IOActive researcher Ruben Santamarta explaining his work on Airplane Hacking to Reuters
Airplanes are not safe, even from hackers.
So says Cyber security researcher Ruben Santamarta, a 32-year-old Consultant with Cyber security firm IOActive. In a 25-page report submitted at the Black Hat Hackers Conference in August 2014, he detailed a means by which hackers could gain control of an airplane via the in-flight Wi-Fi, as stated in “Can a plane be hacked via in-flight Wi-Fi? Researcher says it's so”, published August 4, 2014 3:38 PM PDT by Eric Mack, CNET News.
His research, which he chose to make public to raise awareness of the issue, reveals that airplanes are just as easy to hack as Motor Vehicles, as another pair of Security Researchers, Charlie Miller and Chris Valasek, revealed and as explained in my blog article entitled “Automotive Security Researchers tell CNN Money Vehicles are hackable - How Vehicle Entertainment Systems are hacked”. Interestingly, it’s done in a similar manner, although it doesn’t involve plugging an infected Apple iPhone into the iPod Dock in the cockpit, though that isn’t as hard to do, as you’ll see.
Rather, Cyber security researcher Ruben Santamarta revealed that there are vulnerabilities in Communications equipment that could potentially allow remote, unauthorized access to the avionics systems via the in-flight Wi-Fi. And like Motor Vehicle Hacking, it’s dependent on different parts of the Airplane being connected to the Communications and possibly the in-Flight Entertainment via the in-Flight Wi-Fi.
His research paper focused on Satellite communications equipment, used by the ATC (Air Traffic Controllers), that acts as a transponder and helps to identify the aircraft on Radar Screens in the ATC Tower, from the following vendors:
1. Cobham Plc
2. Harris Corp
3. EchoStar Corp's Hughes Network Systems
4. Iridium Communications Inc
5. Japan Radio Co Ltd
Interestingly, his findings were lab-simulated at Cyber security firm IOActive and, according to him, are probably very difficult to simulate in the real world using a laptop and his specialized software. It’s also very similar to how Accuvant research scientists Mr. Mathew Solnik and Mr. Marc Blanchou at BlackHat performed their Baseband Processor Attack on Blackberry, as described in my blog article entitled “How to Hack ANY Blackberry or Smartphone - SGP Technologies survived in the Lion’s Den as Blackphone Hack was cover for Blackberry Baseband Hack”.
Surprisingly, Cobham, Harris, Hughes and Iridium all confirmed his research as being accurate, but made a point that the hacker would have to have physical access to the equipment inside of the cockpit in order to hack into their systems.
This is particularly true of Cobham gear, to quote Cobham spokesman Greg Caire: “In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only”.
Transponder Hacking – Transponder Identity Theft can make you a military Target
The most troubling bit of his research was the embedded Login and password access for Service Technicians, as noted in “Hacker says to show passenger jets at risk of cyber attack”, published Mon Aug 4, 2014 8:09am EDT by Jim Finkle, Reuters.
It's basically the same for all Satellite Communications equipment made by a particular vendor and in essence, once learned by the hacker via various means, would give them unhindered access to the Communications equipment, specifically the Transponder used by ATC. This appears to be minor, according to Hughes spokeswoman Judy Blake, who claimed it meant only communications were at risk.
However, a scenario is possible where a hijacker posing as a maintenance technician, or even a Maintenance Technician bribed with enough money, can “prepare” an aircraft to make it hackable using these common logins and passwords under the guise of maintenance activities. Then a hijacker’s accomplice boarding the airplane at a later time would simply use the in-flight Wi-Fi and disable the communications transponder.
Worse, he could recode it to broadcast a different identity for the aircraft, making it appear to be an aircraft it was not, i.e. instead of a commercial flight, it would appear to be a military jet on radar. This could result in that aircraft being mistakenly shot down, as it would appear on radar as a military aircraft.
In so doing, he’d kill himself, thus making him the perfect Suicide bomber!
License to Kill - Malaysian MH17 shot down over Ukraine may be Secret Service Related
This certainly puts a new spin on the shooting down of the Malaysian aircraft MH17 over Ukraine as detailed in the article “MH17 Malaysia plane crash in Ukraine: What we know”, published 25 July 2014 Last updated at 08:51 GMT, BBC News. If it can be done remotely, the hacker may not even have to be on the plane. They can use a satellite phone link to remotely change the transponder on the Malaysian flight MH17 and make it appear to be another aircraft.
Thus the Americans or some other nation with an axe to grind could, via such an inside job, have hacked the aircraft with the help of a technician probably paid to do the job, so as to have the transponder identify the Malaysian MH17 as a Ukrainian jet plane. This would be the perfect way to “set up” the Russians to shoot down a civilian aircraft which on their radar would appear to be a Ukrainian Jet plane.
The Russians, probably realizing their mistake before announcing the hit, probably backed away quickly and claimed the attack to be the work of Russian Rebels, being as they'd logically never do such a thing. In reality, Russian Rebels would have to have gained control of the BOAR Gun for quite a long time and known when and where to fire the weapon.
Plus, if it was the Russian Rebels, that suggests that they had been able to contact a Russian Radar station and had known how to use the ground-based radar system in order to lock onto and target the Malaysian MH17 flying so high up in the sky. The precision of the hit suggests it’s most likely the work of the Russian Separatists or rogue elements within the Russian Army or even the KGB, Mossad or even the CIA, not the Russian Rebels as Russian Premier Vladimir Putin claims.
Since the Russians would be acting on what they saw on their radar screen and being unable to see the aircraft, it would be quite difficult to tell the world that they shot down a Ukrainian Jet when in fact the wreckage says otherwise. Thus someone with an axe to grind against Russia may have hacked the aircraft as I've described and made it look like a deliberate act of Russian Terrorism.
It's quite possible that this may have been what transpired to make them shoot down a civilian aircraft by mistake.
But who did it? And why set up the Russians?
I have no answers, save to say that Cyber security researcher Ruben Santamarta's in-Flight Wi-Fi Hack, though difficult to implement, would be no problem to execute once the hackers cum terrorists or even Secret Service were well funded by a hostile foreign Government with a License to Kill.