[LINK] Cyber hijack of MH370?

Jan Whitaker jwhit at janwhitaker.com
Mon Mar 17 10:48:16 AEDT 2014 

We've talked before about the vulnerability of 
SCADA systems in the energy/utility sector. This 
potential on an aircraft is downright scary.

Missing Malaysia Airlines flight could have 
fallen victim to world's first 'cyber-hijack'
March 17, 2014 - 9:42AM
Deborah Gough
http://www.theage.com.au/it-pro/security-it/missing-malaysia-airlines-flight-could-have-fallen-victim-to-worlds-first-cyberhijack-20140316-hvji3.html

[snip]
Dr Leivesley, who runs her own company training 
businesses and governments to counter terrorist 
attacks, told the Sunday Express she believed 
malicious codes, triggered by a mobile phone, 
would have been able to override the aircraft’s security.

“There appears to be an element of planning from 
someone with a very sophisticated systems 
engineering understanding,” Dr Leivesley said.

“This is a very early version of what I would 
call a smart plane, a fly-by-wire aircraft controlled by electronic signals.

“It is looking more and more likely that the 
control of some systems was taken over in a 
deceptive manner, either manually, so someone 
sitting in a seat overriding the autopilot, or 
via a remote device turning off or overwhelming the systems.

“A mobile phone could have been used to do so or a USB stick.

“When the plane is air-side, you can insert a set 
of commands and codes that may initiate, on signal, a set of processes.”

Dr Leivesley said the hacking threat was raised 
at a science conference in China last year.

“What we are finding now is that it is possible 
with a mobile phone to initiate a signal to a 
preset piece of malicious software, or malware, 
in the computer that initiates a whole set of instructions,’’ she said.

“It is possible for hackers — be they part of 
organised crime or with government backgrounds — 
to get into the main computer network of the 
plane through the inflight, onboard entertainment system.

“If you have got any connections whatsoever 
between the computing systems, you can jump 
across and you can get into the flight critical system.

“To really protect your computer systems, you do 
not let anything connect with them and you would 
keep the inflight systems totally in their own 
loop so nothing whatsoever connects.

“There are now a number of ways, however, in 
which the gap between those systems and a 
hand-held device like a mobile phone can be overcome.”

The Sunday Express reported that last April, a 
German security consultant and commercial pilot 
unveiled a way to hijack a plane remotely using a phone.

Addressing the Hack In The Box security summit in 
Amsterdam, the consultant Hugo Teso said he had 
spent three years developing a series of 
malicious codes on a mobile phone app called 
PlaneSploit that hacked into an aircraft’s security system.




Melbourne, Victoria, Australia
jwhit at janwhitaker.com

Sooner or later, I hate to break it to you, 
you're gonna die, so how do you fill in the space 
between here and there? It's yours. Seize your space.
~Margaret Atwood, writer

_ __________________ _

More information about the Link mailing list