The Malaysian Airlines Flight MH370 probably crashed into the Indian Ocean, but what really went on inside the plane is yet to be revealed by investigators. Is it possible that the MH370 was actually cyber-hijacked by a seasoned hacker? Interestingly, relevant proof-of-concepts have already been demonstrated by InfoSec experts.
Hugo Teso, a German InfoSec expert, made his presentation at last year’s Hack in the Box (HITB) conference in Amsterdam. Teso simply pulled out his cell phone and shocked the visitors with his unique plane-hacking application, named PlaneSploit. Teso’s maliciously programmed app easily compromised the demo aircraft’s system and gave him full access. Is it possible that this well-orchestrated “controlled experiment” could have evolved into a real-life scenario aboard Flight MH370?
The main aspects of the flight technology the various proof-of-concepts deal with are:
The aforementioned demonstration by Teso exposed a serious vulnerability in ACARS and also uncovered loopholes in flight management software made by leading companies such as Honeywell, Thales and Rockwell Collins. For the finale, he also showed how he could take control of the plane and navigate it like a toy using his phone.
Andrei Costin’s “Ghost in the Air (Traffic)”, presented at Black Hat USA 2012, dealt with the loopholes in the ADS-B system. The attacks were implemented using a Universal Software Radio Peripheral (USRP). In a separate Def Con 20 demo, hackers exploited the lack of encryption in the ADS-B protocol and made ghost planes appear on the radar.
More and more security experts are mentioning the possibility that the MH370’s on-board entertainment system was used to gain access to the main computer and alter the jet’s course. Aviation officials were quick to shoot down these theories, but the InfoSec demos mentioned in this article prove that the explanations are not that unrealistic.
Only time will tell what happened to the ill-fated Malaysian Airlines MH370 passenger jet after take-off. But the security issues in airplanes, control centers and communication equipment cannot be ignored anymore. The radio transmissions need to be encrypted, and the various databases involved must be coded safely to minimize vulnerabilities.
Information Security is a necessity in the aviation industry and must be taken seriously to prevent dangerous security breaches.