Researcher Successfully Hacked In-Flight Airplanes – From the Ground

From DarkReading Article:

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be ‘weaponized’

It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilitiesin satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.

Santamarta has now proven out those findings and taken his research to the level of terrifying, by successfully hacking into in-flight airplane WiFi networks and satcom equipment from the ground. “As far as I know I will be the first researcher that will demonstrate that it’s possible to hack into communications devices on an in-flight aircraft … from the ground,” he says.

He accessed on-board WiFi networks including passengers’ Internet activity, and also was able to reach the planes’ satcom equipment, he says, all of which in his previous research he had concluded – but not proven – was possible. And there’s more: “In this new research, we also managed to get access to important communications devices in the aircraft,” Santamarta, principal security consultant with IO/Active, says.

Too cold to work? School closed? Sure your BMS hasn’t been hacked?

Pen Test Partners have been reviewing the security of Building Management Systems and the findings are not good, see their article here:

Too cold to work? School closed? Sure your BMS hasn’t been hacked?

“The controller security has improved some, but we’ve found large numbers installed on the public internet, unprotected, with complete authentication bypass in some cases!

We found them in military bases, schools, government buildings, businesses and large retailers among many. Ripe for compromise of these organisations.

We also found some that had already been compromised to a point by malware. Further compromise would be trivial.”

“It’s about lax installers NOT vendors

Most of these issues have been caused by HVAC & BMS installers, rather than the vendor. The installers have exposed their clients through not following manufacturer security guidelines. The manufacturer could still make improvements though.”

Final Agenda for IoTSF Conference – Tuesday 5th December 2017

IoT Security Foundation @IoT_SF Conference will deliver a range of business strategic, research and technical talks across three tracks that demonstrate what good security looks like from planning to execution. Join IoTSF, IBM, Intel, Device Authority, National Cyber Security Centre (NCSC), Pen Test Partners, PhotonStar LED, ARM, Electric Imp, Smarter, Secure Thingz, Data IO, Beecham Research, Connect Devices, IAR, Security Platform Inc, University of Warwick, Pipe, Thales, AESIN & more.

Final Agenda