Cyber Threats to the Aviation Industry – 2014
2014 © SenseCy ○ PO Box 395 Bnei Zion 60910, Israel ○ Tel +972-9-7482180 Israel ○ [email protected]

Executive Summary

The following report presents an overview of cyber threats faced by the aviation industry today. The identified threats stem from the current nature of aviation industry systems, which are interconnected and interdependent, the lack of consolidated regulations, and new technologies that present previously unknown risks. The industry faces major risks on all of its fronts: from the air traffic control systems, to the aircraft themselves, to the airline companies and airports and border crossings.

2016 © SenseCy ○ PO Box 8551, Poleg, Netanya 4250711, Israel ○ Tel +972-9-7482180 Israel ○ [email protected]

Table of Contents

1. Introduction
1.1. Major Threats to the Aviation Industry
1.1.1. Air Traffic Control
1.1.2. Aircraft
1.1.3. Airlines: Website and Networks
1.1.4. Airports and Border Authorities
2. Real-Life Examples of Aviation Cyber Threats
2.1. Air Traffic Control
2.1.1. Researcher Hacks Aircraft Controls with Android Smartphone
2.2. Aircraft
2.2.1. Inflight WiFi Vulnerabilities
2.2.2. Malware Implicated in Fatal Spanair Plane Crash
2.3. Airlines: Website and Networks
2.3.1. Sykipot
2.3.2. Malaysian Aviation Company Air Twitter Account Hacked
2.3.3. DDoS Attack on Israel Airports Authority Site
2.3.4. El-Al Website Hacked
2.3.5. Conficker Worm Grounds French Navy Fighter Jets
2.4. Airports and Border Authorities
2.4.1. Cyberattack against Turkish Passport and Control System
2.4.2. Dubai International Airport Website Breached
2.4.3. WiFi Vulnerabilities at Airports
3. Conclusion
4. Appendix 1 – Analysis of RedHack

1. Introduction

The aviation industry depends on one of the world's most complex and integrated technological systems – one increasingly at risk from threats from cyberspace.[1]

1.1. Major Threats to the Aviation Industry

The American Institute of Aeronautics and Astronautics (AIAA) recently called for cybersecurity threats to be referred to the international commercial aviation industry. James Albaugh, AIAA president-elect and a former top executive at Boeing, says cyberthreats should be taken seriously because of the increasingly networked character of the world of commercial aviation and proposed that an integrated approach be taken.

On August 13, the AIAA officially released a Decision Paper entitled “A Framework for Aviation Cybersecurity”, outlining existing and evolving cyberthreats to the commercial aviation enterprise and noting the lack of international agreement on cybersecurity in aviation. There is no common overall coordination of efforts seeking a global solution.[2]

According to the report, the global aviation system is a potential target for a large-scale cyberattack with attackers focusing on malicious intent, information theft, profit, “hacktivism”, nation states, etc. The aviation industry lacks a common strategy to combat these cyber threats.
[1] http://www.flightglobal.com/news/articles/aviation-group-calls-for-coordinated-cyber-security-389032/
[2] http://www.aiaa.org/uploadedFiles/Issues_and_Advocacy/AIAA-Cyber-Framework-Final.pdf

Much of the AIAA report is based on the U.K. Centre for the Protection of National Infrastructure (CPNI) report. Last year, the CPNI published a report entitled “Cyber Security in Civil Aviation”[3] whose key findings were:

“The cyber world of interconnected and interdependent systems has increased the vulnerability of aircraft and systems and therefore the potential impact that breaches in security can have. More attention is therefore due to this complex but containable problem. Cybersecurity vulnerabilities have the potential to jeopardize civil aviation safety and efficiency. Currently, the growing threat to keeping the aviation industry safe and secure from attacks lies in cyberspace.”

Risks to civil aviation from malicious cyberactivity are increasing, owing to:

- Safety versus security: safety issues do not include malicious cyberactivities
- New technology and lack of experience
- Consolidation: interconnected and interdependent systems

The major threats as detailed by the report and as we see them are:

1.1.1. Air Traffic Control

Air Traffic Control (ATC) is becoming more automated and less manually managed. The increased use of Unmanned Aerial Vehicles (UAVs) has raised concern over communication between ground control stations and aircraft. Solutions are Internet-based and therefore introduce new cyber security issues, exposing the sector to vulnerabilities that did not previously exist and that can jeopardize civil aviation safety and efficiency.

The ATC system is especially susceptible to attack – several security researchers disclosed at conferences such as DEF CON and BlackHat that they were able to exploit vulnerabilities in the systems. The Automatic Dependent Surveillance-Broadcast (ADS-B) system has been a major target for white-hat hackers speaking at the conferences. Brad Haines, for example, claims that the system is unencrypted and unauthenticated and can be eavesdropped on and corrupted,[4] provides a ‘Ghost is in the Air (Traffic)’ presentation that shows how ADS-B can be exploited,[5] and demonstrates a take-over of the system using a smartphone.[6]

[3] http://www.cpni.gov.uk/documents/publications/2012/2012020-cyber_security_in_civil_aviation.pdf?epslanguage=en-gb
[4] http://www.youtube.com/watch?v=CXv1j3GbgLk
[5] http://media.blackhat.com/bh-us-12/Briefings/Costin/BH_US_12_Costin_Ghosts_In_Air_Slides.pdf
[6] http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Hugo%20Teso%20-%20Aircraft%20Hacking%20-%20Practical%20Aero%20Series.pdf

1.1.2. Aircraft

The latest aircraft developments increase the potential for cyber vulnerabilities when Commercial Off-The-Shelf (COTS) software and hardware solutions are introduced into aircraft parts, increasing risk.

- Interconnected systems that permit communication of all routine air traffic commands between ATC and the aircraft.
- Aircraft operators: Increased exchanges of communication with the aircraft increase its vulnerability.
- eEnabled aircraft: Although ‘Connexion by Boeing’ was abandoned, the industry is seeking new solutions to provide an onboard Internet connection, which could introduce new risks and challenges in cyber security.

According to the report, new eEnabled aircraft, such as the Boeing B787 and the Airbus A380 and A350, and Air Traffic Management (ATM) systems designed by the SESAR, NextGen and Carats projects render the situation critical, as these projects are already entering service and the interconnected and interdependent aircraft systems are increasingly vulnerable.

1.1.3. Airlines: Website and Networks

The threats include risks to web applications, such as the Sykipot backdoor tool, which