![]() Official 5-day ethical hacking training. Sit your CEH exam on this award winning ethical hacking course and get CEH certified in 5 days. Why wait? InformationWeek.com: News, analysis and research for business technology professionals, plus peer-to-peer knowledge sharing. Engage with our community. Cyber Threats against the Aviation Industry. Introduction. The recent incident to the Malaysia Airlines Flight MH3. In the past, we have seen many security experts present possible attack scenarios, but never has an attacker made them reality. While the investigators still search for evidence that can provide more indications of what is really happened to the flight, some security experts also hypothesized that it could be the result of a cyber attack against the airplane. Some experts alerted to the possibility that it could be an attack against the in- flight entertainment system that allowed the hackers to infiltrate the security software. Figure – Passenger seatback entertainment systems. The modification requested and implemented by Boeing is a necessary improvement to prevent accidental or. The theory was exposed by a British anti- terrorism expert who declared that similar attacks are possible due to the existence of specific exploits. The former scientific adviser to the UK’s Home Office, Sally Leivesley, revealed Boeing 7. The airplanes are very sophisticated systems. They are comparable to a complex network in which each system runs its software component that could be compromised exactly like the information exchanged by the parts. Many investigators revealed that an attacker with a deep knowledge of the plane’s systemcould intentionally cause serious problems with its normal operation.“It might well be the world’s first cyber hijack … This is a very early version of what I would call a smart plane, a fly- by- wire aircraft controlled by electronic signals … There appears to be an element of planning from someone with a very sophisticated systems engineering understanding … When the plane is air- side, you can insert a set of commands and codes that may initiate, on signal, a set of processes,” said Leivesley. An element that leads investigators to consider the possibility of a cyber attack is the silence of the plane’s communication equipment. Aircraft such as the Boeing 7. It is not simple to switch off all the transponders, and modern planes in fact are equipped with two other systems, the cockpit radios and a text- based system known as Aircraft Communications Addressing and Reporting System (ACARS), which can be used to send messages or information about the airplane. In the case of the Malaysia Airlines Flight MH3. NPR’s Geoff Brumfiel. Turning off the radios and ACARS would be more difficult. National Public Radio’s (NPR) Geoff Brumfiel declared that pilots who collaborate with him confirmed that those systems are pretty hard- wired into a modern aircraft.“Well, basically this Boeing 7. Satcom antenna, and so, a satellite orbiting way above the Earth was in contact with it. Every hour, the satellite would send a little signal going, are you still there? And the plane would send a signal back saying, yep, I’m here,” said Brumfiel. So how is it possible that the plane vanished? U. S. government agencies are working with the Indian authorities to have access to radar data. The most plausible hypotheses are those about a hijacking, an event that, for the observed dynamics, would require careful preparation to disable all the controls and communication channels mentioned above.“They [other pilots interviewed by NPR]said you’d have to go through big checklists, you’d have to possibly pull circuit breakers if you wanted to deactivate [all the communications equipment],” NPR’s Geoff Brumfiel told “All Things Considered” host Robert Siegel. So, to do this, you’d have to have some degree of premeditation and a lot of knowledge of the aircraft.”New Scientist is reporting that the Malaysia Airlines jet sent out at least two bursts of technical data using the Aircraft Communications Addressing and Reporting System (ACARS) before it disappeared, a collection of useful engine data relates to critical flight systems and avionics. Figure – ACAR messages. Why has someone spoken about a possible cyber attack? The hacking of critical systems in an airplane could not be totally excluded, as well as any other electronic system. A report filed on the. US Federal Register website indicates that Boeing has implemented additional security measures on the 7. The improvements confirm the possibility that bad actors, under particular conditions, may harm the security of the flights. Boeing announced that it was upgrading the 7. ER series with the new security features. These special conditions are issued for the Boeing Model 7. ER series airplanes. These airplanes, as modified by the Boeing Company, will have novel or unusual design features associated with the architecture and connectivity of the passenger service computer network systems to the airplane critical systems and data networks. This onboard network system will be composed of a network file server, a network extension device, and additional interfaces configured by customer option. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards,” states the report. As described in the above announcement, the experts at Boing were concerned about the possibility that the passenger inflight entertainment system would be connected to critical systems of the aircraft. The “open door” for hackers are passenger seatback entertainment systems which have USB ports and come with Ethernet. Before the modifications mentioned, there was no “separation” between entertainment systems and the overall network of the aircraft. Boeing requested the Federal Aviation Administration the permission to add a “network extension device” to separate the various systems from each other. The design features designed for Boeing Model 7. ER series airplanes include an on- board computer network system and a network extension device to improve the domain separation between the airplane information services domain and the aircraft control domain. The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including: Flight- safety related control and navigation systems. Operator business and administrative support (operator information services)Passenger information systems. Access to internal airplane systems. Figure – Passenger seatback entertainment systems. The modification requested and implemented by Boeing is a necessary improvement to prevent accidental or deliberate unauthorized access to any control system in the aircraft. For now there isn’t any regulation that specifically addresses the possibility to access to system architecture exploiting security vulnerabilities in peripheral systems.“The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.”The Federal Aviation Administration approved the license change the architecture for Boeing aircrafts assigning to the company the responsibility to ensure that adding the network extension would not have an impact on the aircraft’s flying capability. Airplane hacking with a smart device. Exactly one year ago, the security community was intrigued by the news regarding the possibility to hack the navigation system within an airplane with an Android Smartphone. The news was alarming because just by using a limited resource, a hacker is able to take control of the entire control system on- board, including plane navigation and cockpit systems. The researcher Hugo Teso, a security consultant at N. AG, Germany, with a passion for flying, demonstrated at The Black Box security conference in Amsterdam that just using an exploit framework, dubbed Simon, and an Android app it is possible to gain remote control system inside an airplane. Figure – Teso’s App. The application proposed by Teso was proof of a concept developed to alertthe Federal Aviation Administration, European Aviation Safety Administration, and principal aircraft manufacturers, on the risk related to an attack. The risk is concrete according the researcher, and all principal actors in the aviation industry must consider security by design to avoid disturbing consequences.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |