Planes, Trains and Automobiles (and news stories about hacking them)

News and information from the Advent IM team.

A guest post from Dale Penn, an Advent IM Security Consultant – taking a look at vehicle hacking and questioning how much we really need to fear.

Image courtesy of njaj at FreeDigitalPhotos.net

Image courtesy of njaj at FreeDigitalPhotos.net

Even though the title is a tribute to a classic, well-loved comedy, the subject I am about to discuss is no joke!

All of us have seen recent news such as individuals claiming to be able to hack planes and cars and the more recent grounding of LOT airlines. So is there any substance behind these claims or is it little more than hype?

Planes

A US Government watchdog has recently warned that “Modern aircraft are increasingly connected to the internet. This interconnectedness can potentially provide unauthorised remote access to aircraft avionics system”

The report highlights the fact that cockpit electronics are indirectly connected to the passenger cabin through shared IP networks. The connection between passenger-accessible systems and the avionics of the plane is heavily moderated by firewalls, but information security experts have pointed out that firewalls, like all software, can never be assumed to be totally infallible.

While on a flight, a security researcher was reading about these new warnings that planes were hackable via their Wi-Fi network and tried to add to the debate by pointing out flaws on the aircraft he was sitting in.

So he tweeted from the aircraft that he could hack into the plane’s Wi-Fi network and as a result gain access to the flight’s communications systems.

The Researcher was subsequently detained and questioned by the FBI.

Bearing everything said above, am I going to cancel my holiday abroad later this year? I don’t think so!

Trains

Professor David Stupples told the BBC that the new European Rail Traffic Management System (ERIMS) is potentially a weak point in railway security.

Stupples is concerned that malware could be introduced into the system, either externally or perhaps more likely internally via rogue staff, which could cause trains across Europe to crash.

ERIMS is replacing the railway signals we are all used to with an in-cab computer display instead. Although tests have been underway since 2008, the full ERIMS system is expected to be rolled out and running sometime in the next decade. Which should give plenty of time for weaknesses to be found and closed down, but also plenty of time for the bad guys to find ways around the defences and new malware to exploit the system.

That, of course, is nothing new and is the same fight that every enterprise has when it comes to protecting networks, systems and data. The difference being that when an enterprise system crashes it doesn’t, ordinarily, have the potential to cause loss of life.

Personally from an information perspective I believe the biggest threat to enterprises is the threat from theft, loss, shoulder surfing and eaves dropping as your work force use the commuting time aboard trains as an extension of their office.  Personnel should receive appropriate training as to how they should conduct business outside the office environment.

Automobiles

As information technology advances more and more of it is used in cars to improve performance and driving experience.  Car these days are a rolling network with a suite of processes and wireless communication methods. Is it possible to hack your car and take remote control of its system? Yes it is! But you have to take a step back from this scary thought and view it from a different angle. Who would want to take control of my car? What would they gain from such an attack? The fact of the matter is if someone wanted to sabotage or steal your car there are much easier ways of achieving this without hacking your car. Frankly the effort involved is not worth the reward and the chance of your car being hacked is very, very low.

In my opinion, even though the capability exists, the likelihood of this attack is so low that the recent car hacking claims are little more than hype.

Share this Post