Security Expert Claims
Satcom Vulnerable To Hacking
At last week’s Black Hat USA 2014
conference, Ruben Santamarta, the principal security consultant at IOActive
Security Services, raised the issue of whether satellite communications systems
have security vulnerabilities that might allow hackers to gain access to
aircraft systems. Santamarta and IOActive published a white paper
that discusses security vulnerabilities in air, sea and land satcom systems.
“Today we are disclosing details to help people verify those findings,”
Santamarta explained. Basically, Santamarta claimed to
show how he was able to gain access to satellite data units (SDU) through
so-called back doors and hard-coded credentials in firmware. (He did not have
access to actual satcom hardware.) “If we can compromise the SDU,” he added, “we
can access the MCDU [multipurpose control display unit] through the Arinc 429
bus. Then we can finally reach a critical device in the cockpit.” Santamarta did
not demonstrate a real attack on the MCDU and admitted, “That doesn’t mean you
can crash an aircraft.” While everyone in aviation should take security
seriously, this particular situation isn’t a concern, according to Ken Bantoft,
vice president of satcom technology and development at Satcom Direct. A satcom
connected to the 429 bus has read-only access to the bus, he explained, to
provide position information to steer the satcom antenna. “You cannot inject
data. Transmit and receive [functions] are on independent buses. At worst they
know where you are.”
Ingen kommentarer:
Legg inn en kommentar
Merk: Bare medlemmer av denne bloggen kan legge inn en kommentar.