We've talked before about the vulnerability of SCADA systems in the energy/utility sector. This potential on an aircraft is downright scary.
Missing Malaysia Airlines flight could have fallen victim to world's first 'cyber-hijack' March 17, 2014 - 9:42AM Deborah Gough http://www.theage.com.au/it-pro/security-it/missing-malaysia-airlines-flight-could-have-fallen-victim-to-worlds-first-cyberhijack-20140316-hvji3.html [snip] Dr Leivesley, who runs her own company training businesses and governments to counter terrorist attacks, told the Sunday Express she believed malicious codes, triggered by a mobile phone, would have been able to override the aircrafts security. There appears to be an element of planning from someone with a very sophisticated systems engineering understanding, Dr Leivesley said. This is a very early version of what I would call a smart plane, a fly-by-wire aircraft controlled by electronic signals. It is looking more and more likely that the control of some systems was taken over in a deceptive manner, either manually, so someone sitting in a seat overriding the autopilot, or via a remote device turning off or overwhelming the systems. A mobile phone could have been used to do so or a USB stick. When the plane is air-side, you can insert a set of commands and codes that may initiate, on signal, a set of processes. Dr Leivesley said the hacking threat was raised at a science conference in China last year. What we are finding now is that it is possible with a mobile phone to initiate a signal to a preset piece of malicious software, or malware, in the computer that initiates a whole set of instructions, she said. It is possible for hackers be they part of organised crime or with government backgrounds to get into the main computer network of the plane through the inflight, onboard entertainment system. If you have got any connections whatsoever between the computing systems, you can jump across and you can get into the flight critical system. To really protect your computer systems, you do not let anything connect with them and you would keep the inflight systems totally in their own loop so nothing whatsoever connects. There are now a number of ways, however, in which the gap between those systems and a hand-held device like a mobile phone can be overcome. The Sunday Express reported that last April, a German security consultant and commercial pilot unveiled a way to hijack a plane remotely using a phone. Addressing the Hack In The Box security summit in Amsterdam, the consultant Hugo Teso said he had spent three years developing a series of malicious codes on a mobile phone app called PlaneSploit that hacked into an aircrafts security system. Melbourne, Victoria, Australia [email protected] Sooner or later, I hate to break it to you, you're gonna die, so how do you fill in the space between here and there? It's yours. Seize your space. ~Margaret Atwood, writer _ __________________ _ _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
