OT - Christian and reliable
Posted Apr 13, 2013 5:48 UTC (Sat) by Duncan (guest, #6647)
In reply to: OT - Christian and reliable by f.lasseter
Parent article: Hijacking airplanes with an Android phone (Help Net Security)
FWIW this whole subthread is why I didn't specify further. My point was simply that they're a recognized "legit" news organization, and that people otherwise scared away by the name (regardless of whether it was the Christian or the Christian Science bit) shouldn't be. But if I went further than that I'd have felt the need to explain the whole thing from both angles, and well, this isn't the place for that (especially as I tend to get rather verbose), so I tried to leave it at just they're more legit than the name might indicate...
Meanwhile, here's yet another link:
Mashable.com: Can a hacker hijack a plane with an Android app?
http://mashable.com/2013/04/11/hacker-hijack-plane-androi...
There's a few bits of further/further-clarified info in this one:
1) "The key to Teso's hack is that ACARS doesn't have any encryption or authentication features, so the plane can't distinguish between signals that are coming from a hacker or an airport's ground station. That way, he or she could potentially send spoofed malicious signals to affect the behavior of the plane."
Thus it's clearly spoofed info, not buffer overflow or the like (tho from one of the earlier articles he looked briefly at that but decided there simply wasn't the need).
2) The FAA (US Federal Aviation Authority), Honeywell, and EASA (European Aviation Safety Agency) all three are downplaying the attack:
FAA: "[T]he described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot[.] Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."
3) But 'Teso's fellow security researcher and supervisor Roland Ehlies counters that the hack "would work with at minimum a bit of adaptation" on real planes and software.'
Which is basically the same point I made earlier, that they're deliberately only doing this simulated, and that Honeywell and the authorities are (as might be expected) playing up the simulated bit in order to play down the danger, while the fact remains that the jump from there to real life in-use equipment is likely to be a pretty minimal one, rather less of a jump than Honeywell and the authorities are making it out to be, tho it may at the same time be a bit more than Teso and Ehlies are making it out to be.
There's a couple other additional details as well, including noting that this isn't the first time security issues in modern aviation systems have been exposed: last year at Black Hat, there was a demo of similarly spoofed messages being injected into the next-gen air-traffic-control system ADS-B, popping up fake planes on-screen. (With a further link to that.)