Abstract image of a woman sitting on books and studying on a laptop

New realities in aviation security remotely gaining control of aircraft systems

D
DaveEdwards12

This document discusses security issues in air and maritime transport. It notes that over 2.8 billion people and 38 million flights took place in 2011 for air transport, while over 30,000 transport ships and 8.7 billion tons of seaborne trade occurred that year for maritime transport. The document outlines traditional surveillance technologies like primary and secondary radar still used today. It then discusses new security risks and technologies, describing how attackers could potentially discover aircraft using ADS-B, gather data on aircraft using ACARS, and exploit aircraft systems like the flight management system. The document advocates addressing these issues through initiatives like NextGen security and auditing on-board systems, as well as involving manufacturers, ground service providers, and airlines in re

BusinessTechnology
1 of 18
Downloaded 38 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Transport Security
AIR TRANSPORT ● 2.8 billion – People flown in 2011. ● 38 million – Number of flights in 2011 MARITIME TRANSPORT ● 30,936 – Transport ships in 2011 ● 8,7 billion tons – Seaborne trade on 2012
Safety is NOT Security
New technologies, new threats... ...new requirements: ● IT Security profile – New systems – Automation ● Aviation profile – Specific knowledge – Own technologies – Standards
Part I – Traditional technologies Part II – New risks and attack vectors Agenda
Traditional technologies Good old days
Older technologies Primary Surveillance Radars (PSR) ✈ Detects presence of planes via the reflection of radio waves by the planes. Secondary Surveillance Radars (SSR) ✈ Detects and measures the position of aircrafts, requests additional information from them.
Legacy systems Glass cockpit Older technologies
New technologies Risks and attacks
Attack overview DISCOVERY ✈ ADS-B GATHERING ✈ ACARS EXPLOITATION ✈ Systems
THE TARGET SOFTWARE
DISCOVERY - ADS-B Automatic Dependent Surveillance-Broadcast ✈ Radar substitute ✈ Position, velocity, identification
GATHERING - ACARS Aircraft Communications Addressing and Reporting System ✈ Digital data link for transmission of messages between aircraft and ground stations
EXPLOITATION - FMS ✈Flight Management System – Typically consists of two units: » A computer unit » A control display unit ✈Control Display Unit (CDU or MCDU) provides the primary human/machine interface for data entry and information display. ✈FMS provides: » Navigation » Flight planning » Trajectory prediction » Performance computations » Guidance
EXPLOITATION - Attack delivery Ground Service providers ● The “glue” of the aviation ecosystem house Software Defined Radio ● A radio communication system where hardware components are implemented by means of software.
Unmanned Aircraft Systems COMMUNICATIONS – SATCOM ● Iridium ● Ku-Band ● C/S-Band – VHF ● :-) NON-SEGREGATED AIRSPACE ● Civil aviation systems – COTS/MOTS – Vulnerable: ● Protocols ● Systems
Remediation Where to start from? – ✈ NextGen Security ● On-board systems security audit – ✈ Who is affected? ● Manufacturers ● Ground Service Providers ● Airlines/Operators
Remember: Safety is NOT Security hugo.teso@nruns.com Additional resources – RootedCon 2012 ● Slides: http://x90.es/7e4 ● Video: http://x90.es/7e5 – HITB 2013 ● Slides: http://x90.es/7e6 ● Video: http://x90.es/7e7

More Related Content

PDF
"Galileo-EGNOS as an Asset for UTM and Security", por Ángel Rodríguez - Unive...
Agencia Andaluza del Conocimiento
 
PPTX
Euro hawk uav, germany death by certification
hindujudaic
 
PPTX
Airport security – aviation security
IIAC
 
PPT
General Aviation Security
ERAUWebinars
 
PDF
The Aviation Security Service of NZ
Andrea Hoymann
 
PPT
Aviation security -_chpt1
carlinclarke
 
PDF
Conflict Zones - ERA operations group 28.04.2015
Philippe Carous
 
PDF
Airport Security
Samantha Choo
 
"Galileo-EGNOS as an Asset for UTM and Security", por Ángel Rodríguez - Unive...
Agencia Andaluza del Conocimiento
 
Euro hawk uav, germany death by certification
hindujudaic
 
Airport security – aviation security
IIAC
 
General Aviation Security
ERAUWebinars
 
The Aviation Security Service of NZ
Andrea Hoymann
 
Aviation security -_chpt1
carlinclarke
 
Conflict Zones - ERA operations group 28.04.2015
Philippe Carous
 
Airport Security
Samantha Choo
 

Viewers also liked (7)

PDF
Civil Aviation Security: Why we should pay attention to past and recent IED a...
IATA Training & Development Institute
 
PPTX
Surveillance
Jennifer Howard
 
PPT
Surveillance Systems
Ultraman Taro
 
PPTX
PPt Presentation on CNS (AAI)
Abhishek Raj
 
PPT
AVIATION SECURITY PRESENTATION
Paul Mears Phd.
 
PPTX
Safety & Security Airports
Amidee Azizan Stringfellow
 
PPTX
Surveillance
Akhilesh Bhargava
 
Civil Aviation Security: Why we should pay attention to past and recent IED a...
IATA Training & Development Institute
 
Surveillance
Jennifer Howard
 
Surveillance Systems
Ultraman Taro
 
PPt Presentation on CNS (AAI)
Abhishek Raj
 
AVIATION SECURITY PRESENTATION
Paul Mears Phd.
 
Safety & Security Airports
Amidee Azizan Stringfellow
 
Surveillance
Akhilesh Bhargava
 
Ad

Similar to New realities in aviation security remotely gaining control of aircraft systems (20)

PDF
RADAR, Mlat, ADS, Bird RADAR, Weather RADAR Guide
Afghanistan civil aviation institute
 
PDF
NACCDCA9P08 (1).pdf
ssuser2714fe
 
PPT
Wind Profile CETC
Fahmi Hidayat
 
PDF
_What is Drone Technology, How works and It’s Future.pdf
Eyasin Ansari
 
PPTX
Project01 atc
Ahmed S. AL-Qahtani
 
PPTX
Deepak
Mohit Raj
 
PPTX
Deepak
Kumar Kranti
 
PDF
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 
PDF
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 
PPTX
Cyber security in_next_gen_air_transportation_system_wo_video
OWASP Delhi
 
PDF
Global Defense Telemetry Market Size
defensemarket98
 
PDF
Global Defense Telemetry Market Report
defensemarket98
 
PDF
Global Defense Telemetry Market
aviationdefense30
 
PPTX
Seban ppt
Kevin ITian
 
DOC
A Brighter Future for the Black Box
JLLARMOR
 
PDF
ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...
Ελληνικό Ινστιτούτο Στρατηγικών Μελετών (ΕΛΙΣΜΕ)
 
PDF
Global Defense Telemetry Market
AviationandDefensema
 
PDF
Global Defense Telemetry Market Report
aviationdefense30
 
PDF
Global Defense Telemetry Market Report
aviationindustry67
 
PDF
Global Defense Telemetry Market Forecast
aviationaviation20
 
RADAR, Mlat, ADS, Bird RADAR, Weather RADAR Guide
Afghanistan civil aviation institute
 
NACCDCA9P08 (1).pdf
ssuser2714fe
 
Wind Profile CETC
Fahmi Hidayat
 
_What is Drone Technology, How works and It’s Future.pdf
Eyasin Ansari
 
Project01 atc
Ahmed S. AL-Qahtani
 
Deepak
Mohit Raj
 
Deepak
Kumar Kranti
 
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 
International Journal of Engineering and Science Invention (IJESI)
inventionjournals
 
Cyber security in_next_gen_air_transportation_system_wo_video
OWASP Delhi
 
Global Defense Telemetry Market Size
defensemarket98
 
Global Defense Telemetry Market Report
defensemarket98
 
Global Defense Telemetry Market
aviationdefense30
 
Seban ppt
Kevin ITian
 
A Brighter Future for the Black Box
JLLARMOR
 
ΕΛΙΣΜΕ ΓΕΕΘΑ 20181126 2.1 Κωνσταντίνος Μέλλος «Αντιμετωπίζοντας τις Σύγχρονες...
Ελληνικό Ινστιτούτο Στρατηγικών Μελετών (ΕΛΙΣΜΕ)
 
Global Defense Telemetry Market
AviationandDefensema
 
Global Defense Telemetry Market Report
aviationdefense30
 
Global Defense Telemetry Market Report
aviationindustry67
 
Global Defense Telemetry Market Forecast
aviationaviation20
 
Ad

More from DaveEdwards12 (11)

PDF
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
DaveEdwards12
 
PDF
A Journey to Protect Points of Sale (POS)
DaveEdwards12
 
PPTX
Man in the Browser attacks on online banking transactions
DaveEdwards12
 
PDF
New realities in aviation security remotely gaining control of aircraft systems
DaveEdwards12
 
PPT
Insecurity in security products 2013
DaveEdwards12
 
PPT
Why current security solutions fail
DaveEdwards12
 
PPTX
Anatomy of business logic vulnerabilities
DaveEdwards12
 
PPTX
Using 80 20 rule in application security management
DaveEdwards12
 
PPTX
Top Application Security Trends of 2012
DaveEdwards12
 
PPTX
Vulnerability in Security Products
DaveEdwards12
 
PPTX
Insecurity in security products v1.5
DaveEdwards12
 
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
DaveEdwards12
 
A Journey to Protect Points of Sale (POS)
DaveEdwards12
 
Man in the Browser attacks on online banking transactions
DaveEdwards12
 
New realities in aviation security remotely gaining control of aircraft systems
DaveEdwards12
 
Insecurity in security products 2013
DaveEdwards12
 
Why current security solutions fail
DaveEdwards12
 
Anatomy of business logic vulnerabilities
DaveEdwards12
 
Using 80 20 rule in application security management
DaveEdwards12
 
Top Application Security Trends of 2012
DaveEdwards12
 
Vulnerability in Security Products
DaveEdwards12
 
Insecurity in security products v1.5
DaveEdwards12
 

Recently uploaded (20)

PDF
Shriram Finance, one of India's leading financial services companies, which o...
Sanjit Singh
 
PDF
COVID-19 Primer for business case prep.pdf
AakritiGupta862151
 
PDF
Chembond Chemicals Limited Presentation 2025
Chembond Chemicals Limited
 
PDF
Handouts for Housekeeping.pdfbababvsvvNnnh
MarkallainFrancisco
 
PDF
Management Theories and Digitalization at Emirates Airline
udayvohra4
 
PDF
IFRS Green Book_Part B for professional pdf
andargie2015
 
PDF
France's Top 5 Promising EdTech Companies to Watch in 2025.pdf
educationexcellencem
 
DOCX
“Strategic management process of a selected organization”.Nestle-docx.docx
mkamumin08
 
PPTX
PPT Hafizullah Oria- Final Thesis Exam.pptx
Ehsanullah Oria
 
DOCX
Handbook of entrepreneurship- Chapter 10 - Feasibility analysis by Subin K Mohan
DrSubinKMohan
 
PPTX
Business Research Methods- Secondary Data
DanielOdhiambo9
 
PDF
The Relationship between Leadership Behaviourand Firm Performance in the Read...
Dr. Nazrul Islam
 
PPTX
UNIT 3 INTERNATIONAL BUSINESS [Autosaved].pptx
pratyanshvish01
 
PDF
BeMetals_Presentation_September_2025.pdf
DerekIwanaka2
 
PPTX
003 seven PARTS OF SPEECH english subject.pptx
ramosrhealyn370
 
PPTX
OS ALL UNITS MATxtdtc5ctc5cycgctERIAL.pptx
kanirudhsingh2357
 
PPTX
PwC consulting Powerpoint Graphics 2014 templates
tjmajingyan
 
PDF
The Impact of Policy Changes on Legal Communication Strategies (www.kiu.ac.ug)
publication11
 
PDF
El futuro empresarial 2024 una vista gen
dannflolo1
 
PPTX
Warehouse. B pptx
manojx177
 
Shriram Finance, one of India's leading financial services companies, which o...
Sanjit Singh
 
COVID-19 Primer for business case prep.pdf
AakritiGupta862151
 
Chembond Chemicals Limited Presentation 2025
Chembond Chemicals Limited
 
Handouts for Housekeeping.pdfbababvsvvNnnh
MarkallainFrancisco
 
Management Theories and Digitalization at Emirates Airline
udayvohra4
 
IFRS Green Book_Part B for professional pdf
andargie2015
 
France's Top 5 Promising EdTech Companies to Watch in 2025.pdf
educationexcellencem
 
“Strategic management process of a selected organization”.Nestle-docx.docx
mkamumin08
 
PPT Hafizullah Oria- Final Thesis Exam.pptx
Ehsanullah Oria
 
Handbook of entrepreneurship- Chapter 10 - Feasibility analysis by Subin K Mohan
DrSubinKMohan
 
Business Research Methods- Secondary Data
DanielOdhiambo9
 
The Relationship between Leadership Behaviourand Firm Performance in the Read...
Dr. Nazrul Islam
 
UNIT 3 INTERNATIONAL BUSINESS [Autosaved].pptx
pratyanshvish01
 
BeMetals_Presentation_September_2025.pdf
DerekIwanaka2
 
003 seven PARTS OF SPEECH english subject.pptx
ramosrhealyn370
 
OS ALL UNITS MATxtdtc5ctc5cycgctERIAL.pptx
kanirudhsingh2357
 
PwC consulting Powerpoint Graphics 2014 templates
tjmajingyan
 
The Impact of Policy Changes on Legal Communication Strategies (www.kiu.ac.ug)
publication11
 
El futuro empresarial 2024 una vista gen
dannflolo1
 
Warehouse. B pptx
manojx177
 

New realities in aviation security remotely gaining control of aircraft systems

  • 2. AIR TRANSPORT ● 2.8 billion – People flown in 2011. ● 38 million – Number of flights in 2011 MARITIME TRANSPORT ● 30,936 – Transport ships in 2011 ● 8,7 billion tons – Seaborne trade on 2012
  • 3. Safety is NOT Security
  • 4. New technologies, new threats... ...new requirements: ● IT Security profile – New systems – Automation ● Aviation profile – Specific knowledge – Own technologies – Standards
  • 5. Part I – Traditional technologies Part II – New risks and attack vectors Agenda
  • 7. Older technologies Primary Surveillance Radars (PSR) ✈ Detects presence of planes via the reflection of radio waves by the planes. Secondary Surveillance Radars (SSR) ✈ Detects and measures the position of aircrafts, requests additional information from them.
  • 8. Legacy systems Glass cockpit Older technologies
  • 10. Attack overview DISCOVERY ✈ ADS-B GATHERING ✈ ACARS EXPLOITATION ✈ Systems
  • 12. DISCOVERY - ADS-B Automatic Dependent Surveillance-Broadcast ✈ Radar substitute ✈ Position, velocity, identification
  • 13. GATHERING - ACARS Aircraft Communications Addressing and Reporting System ✈ Digital data link for transmission of messages between aircraft and ground stations
  • 14. EXPLOITATION - FMS ✈Flight Management System – Typically consists of two units: » A computer unit » A control display unit ✈Control Display Unit (CDU or MCDU) provides the primary human/machine interface for data entry and information display. ✈FMS provides: » Navigation » Flight planning » Trajectory prediction » Performance computations » Guidance
  • 15. EXPLOITATION - Attack delivery Ground Service providers ● The “glue” of the aviation ecosystem house Software Defined Radio ● A radio communication system where hardware components are implemented by means of software.
  • 16. Unmanned Aircraft Systems COMMUNICATIONS – SATCOM ● Iridium ● Ku-Band ● C/S-Band – VHF ● :-) NON-SEGREGATED AIRSPACE ● Civil aviation systems – COTS/MOTS – Vulnerable: ● Protocols ● Systems
  • 17. Remediation Where to start from? – ✈ NextGen Security ● On-board systems security audit – ✈ Who is affected? ● Manufacturers ● Ground Service Providers ● Airlines/Operators
  • 18. Remember: Safety is NOT Security [email protected] Additional resources – RootedCon 2012 ● Slides: http://x90.es/7e4 ● Video: http://x90.es/7e5 – HITB 2013 ● Slides: http://x90.es/7e6 ● Video: http://x90.es/7e7