Researcher Successfully Hacked In-Flight Airplanes – From the Ground

From DarkReading Article:

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be ‘weaponized’

It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilitiesin satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.

Santamarta has now proven out those findings and taken his research to the level of terrifying, by successfully hacking into in-flight airplane WiFi networks and satcom equipment from the ground. “As far as I know I will be the first researcher that will demonstrate that it’s possible to hack into communications devices on an in-flight aircraft … from the ground,” he says.

He accessed on-board WiFi networks including passengers’ Internet activity, and also was able to reach the planes’ satcom equipment, he says, all of which in his previous research he had concluded – but not proven – was possible. And there’s more: “In this new research, we also managed to get access to important communications devices in the aircraft,” Santamarta, principal security consultant with IO/Active, says.

Internet of Things Thames Valley Meetup – 2017 Highlights

Internet of Things Thames Valley Meetup highlights for 2017 include: our 3rd Anniversary in May; a growth in membership to 1,300 people and excellent presentations from startups to large enterprises right across the IoT ecosystem including:

  • Ocado Technologies
  • Schneider Electric
  • Dashboard
  • Marks & Clerk
  • Vodafone
  • KTN
  • Logi Analytics
  • Honeywell
  • Review Displays
  • Rescon
  • BSI
  • Dell EMC
  • Imagination Technologies
  • Device Authority
  • Sixis
  • BCS
  • Amazon Web Services (AWS)
  • Surrey University
  • GSMA
  • Abacode
  • Sony
  • Wirepas
  • Voytech Systems
  • T&VS
  • Adaptive Wireless Solutions
  • Think Engineer

A special thank you to our 2017 Sponsors:

  • Green Park
  • KTN (Innovate UK)
  • Marks & Clerk
  • Logi Analytics
  • Anderson Young
  • LynxPro
  • Review Display Systems
  • BCS (Berkshire Branch)
  • Device Authority
  • Surrey University
  • Kemuri

In 2018, I plan to hold another 5 events spread across the year.

The next Meetup is on the evening of 7th February 2018.

Too cold to work? School closed? Sure your BMS hasn’t been hacked?

Pen Test Partners have been reviewing the security of Building Management Systems and the findings are not good, see their article here:

Too cold to work? School closed? Sure your BMS hasn’t been hacked?

“The controller security has improved some, but we’ve found large numbers installed on the public internet, unprotected, with complete authentication bypass in some cases!

We found them in military bases, schools, government buildings, businesses and large retailers among many. Ripe for compromise of these organisations.

We also found some that had already been compromised to a point by malware. Further compromise would be trivial.”

“It’s about lax installers NOT vendors

Most of these issues have been caused by HVAC & BMS installers, rather than the vendor. The installers have exposed their clients through not following manufacturer security guidelines. The manufacturer could still make improvements though.”

Final Agenda for IoTSF Conference – Tuesday 5th December 2017

IoT Security Foundation @IoT_SF Conference will deliver a range of business strategic, research and technical talks across three tracks that demonstrate what good security looks like from planning to execution. Join IoTSF, IBM, Intel, Device Authority, National Cyber Security Centre (NCSC), Pen Test Partners, PhotonStar LED, ARM, Electric Imp, Smarter, Secure Thingz, Data IO, Beecham Research, Connect Devices, IAR, Security Platform Inc, University of Warwick, Pipe, Thales, AESIN & more.

Final Agenda

IoT Thames Valley Meetup 29 Nov 2017

Internet of Things Thames Valley

Reading, GB
1,284 Members

This group is open (free) for business, academic, public sector and technical professionals interested in the ‘Internet of Things’ who wish network, share knowledge and experi…

Next Meetup

IoT Thames Valley Meeting #18

Wednesday, Nov 29, 2017, 6:15 PM
118 Attending

Check out this Meetup Group →

We have a great line up of speakers and exhibitors, including:

  • Simon Fabri, Technical Director, Schneider Electric
  • Duncan White, Managing Partner, Marks & Clerk
  • Piers Corfield, Founder & CEO, Dashboard
  • Adam Armer, Global Business Development Manager, Vodafone
  • Robin Kennedy, Knowledge Transfer Manager, KTN
  • Steve Morecraft – Technical Manager, EMEA, Logi Analytics

If you are looking for a new job/contract position or to recruit staff then come along and talk to Anderson Young and LynxPro who will be exhibiting and are sponsors of the Meetup.

IoT Security Conference

The IoT Security Foundation are holding their 3rd Annual IoT Security Conference on 5th December at the prestigious IET Savoy Place, London. This year’s theme is Knowing It’s Safe To Connect which will deliver a range of business strategic and technical talks that demonstrate what good security looks like from planning to execution. The Conference also features making the business case for the right kind of security, technical sessions for securing the IoT ecosystem, research sessions on the future of IoT security and has a post-conference drinks reception for additional networking.

Why attend? Learn from the best, connect with the IoT security community and enhance business opportunities through extensive networking.

https://www.iotsecurityfoundation.org/iotsf-conference-2017