New realities in aviation security remotely gaining control of aircraft systems

•

1 recomendación•620 vistas

DaveEdwards12

Tecnología Empresariales

AIR TRANSPORT
●
2.8 billion
– People flown in 2011.
●
38 million
– Number of flights in 2011
MARITIME TRANSPORT
●
30,936
– Transport ships in 2011
●
8,7 billion tons
– Seaborne trade on 2012

Part I
– Traditional technologies
Part II
– New risks and attack vectors
Agenda

Older technologies
Primary Surveillance
Radars (PSR)
✈ Detects presence of
planes via the reflection of
radio waves by the planes.
Secondary Surveillance
Radars (SSR)
✈ Detects and measures the
position of aircrafts, requests
additional information from
them.

Legacy systems Glass cockpit
Older technologies

Attack overview
DISCOVERY
✈ ADS-B
GATHERING
✈ ACARS
EXPLOITATION
✈ Systems

DISCOVERY - ADS-B
Automatic Dependent Surveillance-Broadcast
✈ Radar substitute
✈ Position, velocity, identification

GATHERING - ACARS
Aircraft Communications Addressing and
Reporting System
✈ Digital data link for transmission of messages
between aircraft and ground stations

EXPLOITATION - FMS
✈Flight Management System
– Typically consists of two units:
» A computer unit
» A control display unit
✈Control Display Unit (CDU or
MCDU) provides the primary
human/machine interface for data
entry and information display.
✈FMS provides:
» Navigation
» Flight planning
» Trajectory prediction
» Performance computations
» Guidance

EXPLOITATION - Attack delivery
Ground Service providers
●
The “glue” of the aviation
ecosystem
house
Software Defined Radio
●
A radio communication
system where hardware
components are
implemented by means
of software.

Unmanned Aircraft Systems
COMMUNICATIONS
– SATCOM
●
Iridium
●
Ku-Band
●
C/S-Band
– VHF
●
:-)
NON-SEGREGATED
AIRSPACE
●
Civil aviation systems
– COTS/MOTS
– Vulnerable:
●
Protocols
●
Systems

Remediation
Where to start from?
– ✈ NextGen Security
●
On-board systems security
audit
– ✈ Who is affected?
●
Manufacturers
●
Ground Service Providers
●
Airlines/Operators

Remember: Safety is NOT Security
hugo.teso@nruns.com
Additional resources
– RootedCon 2012
●
Slides: http://x90.es/7e4
●
Video: http://x90.es/7e5
– HITB 2013
●
Slides: http://x90.es/7e6
●
Video: http://x90.es/7e7

Más contenido relacionado

Similar a New realities in aviation security remotely gaining control of aircraft systems

Project01 atcAhmed S. AL-Qahtani

DeepakKumar Kranti

DeepakMohit Raj

International Journal of Engineering and Science Invention (IJESI)inventionjournals

International Journal of Engineering and Science Invention (IJESI) inventionjournals

Cyber security in_next_gen_air_transportation_system_wo_videoOWASP Delhi

Global Defense Telemetry Market Sizedefensemarket98

Global Defense Telemetry Market Reportdefensemarket98

Global Defense Telemetry Marketaviationdefense30

Seban pptKevin ITian

A Brighter Future for the Black BoxJLLARMOR

ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...Ελληνικό Ινστιτούτο Στρατηγικών Μελετών (ΕΛΙΣΜΕ)

Global Defense Telemetry MarketAviationandDefensema

Global Defense Telemetry Market Sizeaviationdefensemarke

Global Defense Telemetry Market Report Sizeaviationdefensemarke

Global Defense Telemetry Market Sizeaviationmarketreport

Global Defense Telemetry Market Reportaviationdefense30

Global Defense Telemetry Market Forecastaviationmarketreport

Global Defense Telemetry Marketaviationindustrymark

Global Defense Telemetry Market Reportaviationindustry67

Similar a New realities in aviation security remotely gaining control of aircraft systems (20)

Project01 atc

Deepak

International Journal of Engineering and Science Invention (IJESI)

Cyber security in_next_gen_air_transportation_system_wo_video

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report

Global Defense Telemetry Market

Seban ppt

A Brighter Future for the Black Box

ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...

Global Defense Telemetry Market

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report Size

Global Defense Telemetry Market Size

Global Defense Telemetry Market Report

Global Defense Telemetry Market Forecast

Global Defense Telemetry Market

Global Defense Telemetry Market Report

Más de DaveEdwards12

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDaveEdwards12

A Journey to Protect Points of Sale (POS)DaveEdwards12

Man in the Browser attacks on online banking transactionsDaveEdwards12

New realities in aviation security remotely gaining control of aircraft systemsDaveEdwards12

Insecurity in security products 2013DaveEdwards12

Why current security solutions failDaveEdwards12

Anatomy of business logic vulnerabilitiesDaveEdwards12

Using 80 20 rule in application security managementDaveEdwards12

Top Application Security Trends of 2012DaveEdwards12

Vulnerability in Security ProductsDaveEdwards12

Insecurity in security products v1.5DaveEdwards12

Más de DaveEdwards12 (11)

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware

A Journey to Protect Points of Sale (POS)

Man in the Browser attacks on online banking transactions

New realities in aviation security remotely gaining control of aircraft systems

Insecurity in security products 2013

Why current security solutions fail

Anatomy of business logic vulnerabilities

Using 80 20 rule in application security management

Top Application Security Trends of 2012

Vulnerability in Security Products

Insecurity in security products v1.5

Último

Corporate and higher education May webinar.pptxRustici Software

CNIC Information System with Pakdata Cf In Pakistandanishmna97

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood

ICT role in 21st century education and its challengesrafiqahmad00786416

MS Copilot expands with MS Graph connectorsNanddeep Nachan

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub

presentation ICT roal in 21st century educationjfdjdjcjdnsjd

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Architecting Cloud Native ApplicationsWSO2

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

DBX First Quarter 2024 Investor PresentationDropbox

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

Why Teams call analytics are critical to your entire businesspanagenda

Exploring Multimodal Embeddings with MilvusZilliz

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays

Platformless Horizons for Digital AdaptabilityWSO2

Understanding the FAA Part 107 License ..Christopher Logan Kennedy

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10

New realities in aviation security remotely gaining control of aircraft systems

1. Transport Security

2. AIR TRANSPORT ● 2.8 billion – People flown in 2011. ● 38 million – Number of flights in 2011 MARITIME TRANSPORT ● 30,936 – Transport ships in 2011 ● 8,7 billion tons – Seaborne trade on 2012

3. Safety is NOT Security

4. New technologies, new threats... ...new requirements: ● IT Security profile – New systems – Automation ● Aviation profile – Specific knowledge – Own technologies – Standards

5. Part I – Traditional technologies Part II – New risks and attack vectors Agenda

6. Traditional technologies Good old days

7. Older technologies Primary Surveillance Radars (PSR) ✈ Detects presence of planes via the reflection of radio waves by the planes. Secondary Surveillance Radars (SSR) ✈ Detects and measures the position of aircrafts, requests additional information from them.

8. Legacy systems Glass cockpit Older technologies

9. New technologies Risks and attacks

10. Attack overview DISCOVERY ✈ ADS-B GATHERING ✈ ACARS EXPLOITATION ✈ Systems

11. THE TARGET SOFTWARE

12. DISCOVERY - ADS-B Automatic Dependent Surveillance-Broadcast ✈ Radar substitute ✈ Position, velocity, identification

13. GATHERING - ACARS Aircraft Communications Addressing and Reporting System ✈ Digital data link for transmission of messages between aircraft and ground stations

14. EXPLOITATION - FMS ✈Flight Management System – Typically consists of two units: » A computer unit » A control display unit ✈Control Display Unit (CDU or MCDU) provides the primary human/machine interface for data entry and information display. ✈FMS provides: » Navigation » Flight planning » Trajectory prediction » Performance computations » Guidance

15. EXPLOITATION - Attack delivery Ground Service providers ● The “glue” of the aviation ecosystem house Software Defined Radio ● A radio communication system where hardware components are implemented by means of software.

16. Unmanned Aircraft Systems COMMUNICATIONS – SATCOM ● Iridium ● Ku-Band ● C/S-Band – VHF ● :-) NON-SEGREGATED AIRSPACE ● Civil aviation systems – COTS/MOTS – Vulnerable: ● Protocols ● Systems

17. Remediation Where to start from? – ✈ NextGen Security ● On-board systems security audit – ✈ Who is affected? ● Manufacturers ● Ground Service Providers ● Airlines/Operators

18. Remember: Safety is NOT Security hugo.teso@nruns.com Additional resources – RootedCon 2012 ● Slides: http://x90.es/7e4 ● Video: http://x90.es/7e5 – HITB 2013 ● Slides: http://x90.es/7e6 ● Video: http://x90.es/7e7

New realities in aviation security remotely gaining control of aircraft systems

Recomendados

Recomendados

Más contenido relacionado

Similar a New realities in aviation security remotely gaining control of aircraft systems

Similar a New realities in aviation security remotely gaining control of aircraft systems (20)

Más de DaveEdwards12

Más de DaveEdwards12 (11)

Último

Último (20)

New realities in aviation security remotely gaining control of aircraft systems