New realities in aviation security remotely gaining control of aircraft systems

•

1 gostou•620 visualizações

DaveEdwards12

Tecnologia Negócios

AIR TRANSPORT
●
2.8 billion
– People flown in 2011.
●
38 million
– Number of flights in 2011
MARITIME TRANSPORT
●
30,936
– Transport ships in 2011
●
8,7 billion tons
– Seaborne trade on 2012

Part I
– Traditional technologies
Part II
– New risks and attack vectors
Agenda

Older technologies
Primary Surveillance
Radars (PSR)
✈ Detects presence of
planes via the reflection of
radio waves by the planes.
Secondary Surveillance
Radars (SSR)
✈ Detects and measures the
position of aircrafts, requests
additional information from
them.

Legacy systems Glass cockpit
Older technologies

Attack overview
DISCOVERY
✈ ADS-B
GATHERING
✈ ACARS
EXPLOITATION
✈ Systems

DISCOVERY - ADS-B
Automatic Dependent Surveillance-Broadcast
✈ Radar substitute
✈ Position, velocity, identification

GATHERING - ACARS
Aircraft Communications Addressing and
Reporting System
✈ Digital data link for transmission of messages
between aircraft and ground stations

EXPLOITATION - FMS
✈Flight Management System
– Typically consists of two units:
» A computer unit
» A control display unit
✈Control Display Unit (CDU or
MCDU) provides the primary
human/machine interface for data
entry and information display.
✈FMS provides:
» Navigation
» Flight planning
» Trajectory prediction
» Performance computations
» Guidance

EXPLOITATION - Attack delivery
Ground Service providers
●
The “glue” of the aviation
ecosystem
house
Software Defined Radio
●
A radio communication
system where hardware
components are
implemented by means
of software.

Unmanned Aircraft Systems
COMMUNICATIONS
– SATCOM
●
Iridium
●
Ku-Band
●
C/S-Band
– VHF
●
:-)
NON-SEGREGATED
AIRSPACE
●
Civil aviation systems
– COTS/MOTS
– Vulnerable:
●
Protocols
●
Systems

Remediation
Where to start from?
– ✈ NextGen Security
●
On-board systems security
audit
– ✈ Who is affected?
●
Manufacturers
●
Ground Service Providers
●
Airlines/Operators

Remember: Safety is NOT Security
hugo.teso@nruns.com
Additional resources
– RootedCon 2012
●
Slides: http://x90.es/7e4
●
Video: http://x90.es/7e5
– HITB 2013
●
Slides: http://x90.es/7e6
●
Video: http://x90.es/7e7

Mais conteúdo relacionado

Semelhante a New realities in aviation security remotely gaining control of aircraft systems

Project01 atcAhmed S. AL-Qahtani

DeepakKumar Kranti

DeepakMohit Raj

International Journal of Engineering and Science Invention (IJESI)inventionjournals

International Journal of Engineering and Science Invention (IJESI) inventionjournals

Cyber security in_next_gen_air_transportation_system_wo_videoOWASP Delhi

Global Defense Telemetry Market Sizedefensemarket98

Global Defense Telemetry Market Reportdefensemarket98

Global Defense Telemetry Marketaviationdefense30

Seban pptKevin ITian

A Brighter Future for the Black BoxJLLARMOR

ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...Ελληνικό Ινστιτούτο Στρατηγικών Μελετών (ΕΛΙΣΜΕ)

Global Defense Telemetry MarketAviationandDefensema

Global Defense Telemetry Market Sizeaviationdefensemarke

Global Defense Telemetry Market Report Sizeaviationdefensemarke

Global Defense Telemetry Market Sizeaviationmarketreport

Global Defense Telemetry Market Reportaviationdefense30

Global Defense Telemetry Market Forecastaviationmarketreport

Global Defense Telemetry Marketaviationindustrymark

Global Defense Telemetry Market Reportaviationindustry67

Semelhante a New realities in aviation security remotely gaining control of aircraft systems (20)

Project01 atc

Deepak

International Journal of Engineering and Science Invention (IJESI)

Cyber security in_next_gen_air_transportation_system_wo_video

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report

Global Defense Telemetry Market

Seban ppt

A Brighter Future for the Black Box

ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...

Global Defense Telemetry Market

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report Size

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report

Global Defense Telemetry Market Forecast

Global Defense Telemetry Market

Global Defense Telemetry Market Report

Mais de DaveEdwards12

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDaveEdwards12

A Journey to Protect Points of Sale (POS)DaveEdwards12

Man in the Browser attacks on online banking transactionsDaveEdwards12

New realities in aviation security remotely gaining control of aircraft systemsDaveEdwards12

Insecurity in security products 2013DaveEdwards12

Why current security solutions failDaveEdwards12

Anatomy of business logic vulnerabilitiesDaveEdwards12

Using 80 20 rule in application security managementDaveEdwards12

Top Application Security Trends of 2012DaveEdwards12

Vulnerability in Security ProductsDaveEdwards12

Insecurity in security products v1.5DaveEdwards12

Mais de DaveEdwards12 (11)

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware

A Journey to Protect Points of Sale (POS)

Man in the Browser attacks on online banking transactions

New realities in aviation security remotely gaining control of aircraft systems

Insecurity in security products 2013

Why current security solutions fail

Anatomy of business logic vulnerabilities

Using 80 20 rule in application security management

Top Application Security Trends of 2012

Vulnerability in Security Products

Insecurity in security products v1.5

Último

Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun

Boost PC performance: How more available memory can improve productivityPrincipled Technologies

Scaling API-first – The story of a global engineering organizationRadu Cotescu

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

Artificial Intelligence: Facts and MythsJoaquim Jorge

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j

The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge

Real Time Object Detection Using Open CVKhem

Apidays New York 2024 - The value of a flexible API Management solution for O...apidays

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

New realities in aviation security remotely gaining control of aircraft systems

1. Transport Security

2. AIR TRANSPORT ● 2.8 billion – People flown in 2011. ● 38 million – Number of flights in 2011 MARITIME TRANSPORT ● 30,936 – Transport ships in 2011 ● 8,7 billion tons – Seaborne trade on 2012

3. Safety is NOT Security

4. New technologies, new threats... ...new requirements: ● IT Security profile – New systems – Automation ● Aviation profile – Specific knowledge – Own technologies – Standards

5. Part I – Traditional technologies Part II – New risks and attack vectors Agenda

6. Traditional technologies Good old days

7. Older technologies Primary Surveillance Radars (PSR) ✈ Detects presence of planes via the reflection of radio waves by the planes. Secondary Surveillance Radars (SSR) ✈ Detects and measures the position of aircrafts, requests additional information from them.

8. Legacy systems Glass cockpit Older technologies

9. New technologies Risks and attacks

10. Attack overview DISCOVERY ✈ ADS-B GATHERING ✈ ACARS EXPLOITATION ✈ Systems

11. THE TARGET SOFTWARE

12. DISCOVERY - ADS-B Automatic Dependent Surveillance-Broadcast ✈ Radar substitute ✈ Position, velocity, identification

13. GATHERING - ACARS Aircraft Communications Addressing and Reporting System ✈ Digital data link for transmission of messages between aircraft and ground stations

14. EXPLOITATION - FMS ✈Flight Management System – Typically consists of two units: » A computer unit » A control display unit ✈Control Display Unit (CDU or MCDU) provides the primary human/machine interface for data entry and information display. ✈FMS provides: » Navigation » Flight planning » Trajectory prediction » Performance computations » Guidance

15. EXPLOITATION - Attack delivery Ground Service providers ● The “glue” of the aviation ecosystem house Software Defined Radio ● A radio communication system where hardware components are implemented by means of software.

16. Unmanned Aircraft Systems COMMUNICATIONS – SATCOM ● Iridium ● Ku-Band ● C/S-Band – VHF ● :-) NON-SEGREGATED AIRSPACE ● Civil aviation systems – COTS/MOTS – Vulnerable: ● Protocols ● Systems

17. Remediation Where to start from? – ✈ NextGen Security ● On-board systems security audit – ✈ Who is affected? ● Manufacturers ● Ground Service Providers ● Airlines/Operators

18. Remember: Safety is NOT Security hugo.teso@nruns.com Additional resources – RootedCon 2012 ● Slides: http://x90.es/7e4 ● Video: http://x90.es/7e5 – HITB 2013 ● Slides: http://x90.es/7e6 ● Video: http://x90.es/7e7

New realities in aviation security remotely gaining control of aircraft systems

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a New realities in aviation security remotely gaining control of aircraft systems

Semelhante a New realities in aviation security remotely gaining control of aircraft systems (20)

Mais de DaveEdwards12

Mais de DaveEdwards12 (11)

Último

Último (20)

New realities in aviation security remotely gaining control of aircraft systems