
ESA - Hacking the aerospace industry - should we worry?

705 views


This presentation, more entertaining than technical, aims to raise security awareness among scientists and astronomers at the European Space Agency. Presented at ESAC, Madrid, 16.11.2015.

Published in: Technology

  1. Hacking the aerospace industry – should we worry? Jakub Kaluzny, European Space Agency, Madrid, 2015
  2. whoami: ESAC project in 2012, beer & tapas lover. Sr. IT Security Consultant at SecuRing (consulting all phases of development; penetration tests; high-risk applications and systems). Researcher (Hadoop, FOREX, MFP printers, proprietary network protocols; aerospace industry?)
  3. Agenda – hacking space industry: Who is your enemy? What can be hacked? How to protect?
  4. WHO?
  5. Script-kiddies
  6. More sophisticated script-kiddies
  7. Whitehats
  8. Bounty hunters
  9. Professionals
  10. WHAT?
  11. What can be hacked? Software (company website); Hardware; Process; People
  12. Company website deface
  13. Company website deface
  14. What can be hacked? Software (company website; web app controlling telescope); Hardware; Process; People
  15. Web application controlling telescope. http://hdwyn.com/european_extremely_large_telescope_chili_hd-wallpaper-89939/
  16. Web application controlling telescope. http://hdwyn.com/european_extremely_large_telescope_chili_hd-wallpaper-89939/ http://www.damncoolpictures.com/2014/11/these-photos-will-definitely-mess-with.html
  17. What can be hacked? Software (company website; web app controlling telescope; operations centre); Hardware; Process; People
  18. Operations centre information
  19. Goldeneye weapon of mass destruction. http://jamesbond.wikia.com/wiki/Satellites
  20. What can be hacked? Software; Hardware (take over a satellite); Process; People
  21. Tamil Tigers hacked a satellite. http://pixgood.com/aryabhatta-satellite.html
  22. GPS clocks
  23. What can be hacked? Software; Hardware (take over a satellite; jamming / tampering GPS signal); Process; People
  24. Hacking drones by tampering GPS signal
  25. Tomorrow Never Dies GPS signal jamming
  26. What can be hacked? Software; Hardware (take over a satellite; jamming / tampering GPS signal; communication with rockets / spacecraft / space stations); Process; People
  27. Amateur radio ham contacts ISS
  28. What can be hacked? Software; Hardware; Process (remote software update); People
  29. Voyager 1. https://en.wikipedia.org/wiki/Voyager_1
  30. Exported encryption is bad enough
  31. What can be hacked? Software; Hardware; Process (remotely updating software; deploying software on a telescope / spaceship / whatever); People
  32. Malware infects developers
  33. SCADA worm
  34. What can be hacked? Software; Hardware; Process; People (?)
  35. Phishing
  36. Albanian virus. https://ifunny.co/tags/virus/1441876610
  37. HOW TO PROTECT?
  38. Who can possibly attack your solution? How can he achieve it? What can you do? How to protect? http://the-tech-guy.net/2012/10/30/an-ultimate-solution-that-stops-people-from-hacking-your-passwords/
  39. Should we worry?
  40. Thank you. Now go and change your passwords. jakub.kaluzny@securing.pl. MORE THAN SECURITY TESTING. Free security consultancy service: www.securing.pl/konsultacje @j_kaluzny
