An aircraft security has eased the worries of a lot of frequent flyers this week — by reassuring them that aircraft are not “hackable” in mid . The claim was made at Black Hat last week.

An aircraft security expert has eased the worries of many frequent flyers this week — by reassuring them that aircrafts are not “hackable” in mid flight. Dr Phil Polstra of Bloomsburg University has the credentials – he holds 12 aviation ratings, all current, including aircraft mechanic and avionics technician, thousands of hours of flight time, and has worked on on the development of avionics found in modern airliners.

“Lots of bold concerning the feasibility of cyber-hijacking – and bold get lots of press. Most people don’t know enough to evaluate these . Whether you feel safer or even more scared should be based on facts,” he says.

Polstra’s collaborator, “Captain Polly” is also an academic dealing with avionics.

Santamarta’s presentation focuses on major brands, and widely used , and he claims that 100% of under test had vulnerabilities. Weak encryption and “backdoors” which could allow control over communication are rife in all under test, according to RT. Some attacks can be performed with an SMS, Santamarta claims.

“These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability, just sending a simple SMS or specially crafted message from one ship to another ship can do it,” Santamarta says.

Wi-Fi security: Death in the skies?

“Ships, aircraft, military personnel, emergency services, media services, and industrial facilities (oil rigs, gas pipelines, water treatment plants, wind turbines, substations, etc.) could all be impacted by these vulnerabilities.”

The Black Hat security conference last week was dominated by one terrifying assertion – that avionics systems were vulnerable to hacks which could be set off as simply as by sending an SMS or via Wi-Fi.

Polstra’s presentation debunks the Wi-Fi hack threat, step by step. Strict rules prevent avionics systems from being accessible via wireless – except in Boeing aircrafts, which use a system “harder to hack” he says.

The Register reports, “Firstly, no commercial airliner’s avionics systems can be accessed from from either the entertainment system or in-flight Wi-Fi. Avionics systems are also never wireless, but always wired, and don’t even use standard TCP/IP to communicate.”

Physical access – not Wi-Fi signals

FAA rules state: “The applicant must ensure that the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for flight and operations.”

Several companies have already said that the research was flawed: Cobham said wireless hacks were “impossible”, and that a hacker would require physical access to systems.

“In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only,” said Caires.

At least one company has already come forward to state that the Wi-Fi hack used would be impossible in a “real world” situation. Other vendors have dismissed the risks as “very small”.

Polstra says, however, that increasing computerization may lead to future problems.“Increasing automation while continuing with unsecured protocols is problematic. Airliners are relatively safe (for now),” he concludes.






Source link https://www.welivesecurity.com/2014/08/11/wi-fi-security-flight-systems-are-safe-for-now-says-expert/

LEAVE A REPLY

Please enter your comment!
Please enter your name here