Actu
ZeroNights hacking conference featured a guide to hijacking a plane, a car, or kidnapping a child
December 2012 by
On November 19 and 20, the international ZeroNights conference, organized by ERPScan, was held in Moscow, where security researchers shared their news about the security issues of computers and everything related to them.
Digital technologies are far from just personals computers now, and electronics are used virtually everywhere, so the attention of researchers and cybercriminals alike has been drawn to the devices and systems which are most closely connected with people’s lives, their safety and well-being.
A certain symbol for the breakout of such research (although it had existed before, of course) is the Stuxnet worm, which infects industrial systems, and the latest research of attacks on insulin probes and cardiostimulators.
The attacks that were presented at ZeroNights are not as scary but a lot more realistic.
In the course of their research of embedded devices security, ERPScan analysts have studied the tracking and location tools called GPS trackers, which are widely used to track the whereabouts of cars, children, and even criminals. Those devices are also often used to replace or supplement car alarm systems.
The researchers have managed to conduct an attack which allowed replacing the location of an object on the map with just one SMS sent to the device’s cell number, which is easily found out by hacking the website of the tracking service or sniffing GSM traffic near the device.
The conference featured a live demo where the device was in the conference hall but started to move across the map frantically after the SMS was sent.
It is easy to imagine the reverse situation where a criminal steals a car and signals to the device that the car is in place. Moreover, it is much more serviceable than suppressing the GPS signal because in that case the very fact of hijacking would be obvious.
“Easy execution makes the attack especially dangerous because the majority of users (30%) neglect passwords. But even if there was a password, a cybercriminal would be able to conduct similar attacks without knowing it or simply disable the device by sending it into infinite restart loop. We are currently investigating other, more sophisticated security issues of such devices” - said Dmitry Chastukhin, a security researcher in ERPScan.
Another research was presented by Andrei Costin, a Ph.D. candidate in embedded devices security in EURECOM University. He found out that, using relatively cheap devices which cost from 300 to 1500 USD and a couple dozens of uncomplicated code strings, it is possible to modify the signals of ADS-B protocol: an air traffic control system used by pilots and dispatchers to track the location of airplanes and transmit other parameters and data important for the flight.
It turned out - which is, to say the least, weird, if not horrifying - that this protocol does not use any defensive measures to transmit data, such as encryption and strong cryptographic signature, in spite of crucial significance of flight and support systems security for flight control and management.
Obviously, it allows tracking all airplanes in real-time and, most importantly, airing fake data or replacing data in genuine packets to, for example, imitate a plane collision on the screens of flight controllers. The consequences may vary from panic in flight control headquarters to, in theory, initiation of counter-terrorism procedures and emergency alerts on the ground.
“We are going to proceed with researching Traffic alert and Collision Avoidance System (TCAS)”, - Andrei said.
Stay tuned and have nice and safe trips wherever you go!
