- Prison Planet.com - http://www.prisonplanet.com -
Hacker uses an Android to remotely attack and hijack an airplane
Posted By admin On April 12, 2013 @ 4:56 am In Tile,U.S. News | Comments Disabled
Computer World 
April 12, 2013
The Hack in the Box  (#HITB2013AMS ) security conference in Amsterdam has a very interesting lineup of talks [pdf ]. One that jumped out was the Aircraft Hacking: Practical Aero Series  presented by Hugo Teso , a security consultant at n.runs in Germany. According to the abstract, “This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field. The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases. The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time, and a testing laboratory will be used to attack virtual airplanes systems.
While keeping an eye on Twitter #HITB2013AMS , greatly interesting tweets started to appear as hackers who attended were excited. I will add some of those throughout this article.
Before his presentation, Teso recommended that people should have a littlebackground knowledge on aviation and aircraft systems to better understand what he was going to explain. Here’s a few important facts: Automated Dependent Surveillance-Broadcast (ADS-B) has no security as was pointed out at Def Con 20 shortly before a hacker was able to inject ghost planes into radar . It is unencrypted and unauthenticated. Teso said, “Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection.” The Aircraft Communications Addressing and Reporting System (ACARS) also has no security; it “is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite.” Although his talk did not focus on the vulnerabilities in those two protocols, he used them to find targets.
Article printed from Prison Planet.com: http://www.prisonplanet.com
URL to article: http://www.prisonplanet.com/hacker-uses-an-android-to-remotely-attack-and-hijack-an-airplane.html
URLs in this post:
 Computer World: http://blogs.computerworld.com/cybercrime-and-hacking/22036/hacker-uses-android-remotely-attack-and-hijack-airplane
 Hack in the Box: http://conference.hitb.org/hitbsecconf2013ams/
 #HITB2013AMS: https://twitter.com/search/realtime?q=%23HITB2013AMS&src=hash
 pdf: http://conference.hitb.org/hitbsecconf2013ams/agenda.pdf
 Aircraft Hacking: Practical Aero Series: http://conference.hitb.org/hitbsecconf2013ams/hugo-teso/
 Hugo Teso: https://twitter.com/hteso
 background knowledge on aviation and aircraft systems: http://commandercat.com/2013/04/hitb2013.html
 inject ghost planes into radar: http://blogs.computerworld.com/cybercrime-and-hacking/20775/curious-hackers-inject-ghost-airplanes-radar-track-celebrities-flights
 FBI can remotely activate microphones in Android smartphones, source says: http://www.prisonplanet.com/fbi-can-remotely-activate-microphones-in-android-smartphones-source-says.html
 Hacker dies days before he was to reveal how to remotely kill pacemaker patients: http://www.prisonplanet.com/hacker-dies-days-before-he-was-to-reveal-how-to-remotely-kill-pacemaker-patients.html
 Hackers say coming air traffic control system lets them hijack planes: http://www.prisonplanet.com/hackers-say-coming-air-traffic-control-system-lets-them-hijack-planes.html
 Households may be powered off remotely by power companies: http://www.prisonplanet.com/households-may-be-powered-off-remotely-by-power-companies.html
 Nasdaq outage resembles hacker attacks: http://www.prisonplanet.com/nasdaq-outage-resembles-hacker-attacks.html
Copyright © 2013 PrisonPlanet.com. All rights reserved.