IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be ‘weaponized’
It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilitiesin satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.
Santamarta has now proven out those findings and taken his research to the level of terrifying, by successfully hacking into in-flight airplane WiFi networks and satcom equipment from the ground. “As far as I know I will be the first researcher that will demonstrate that it’s possible to hack into communications devices on an in-flight aircraft … from the ground,” he says.
He accessed on-board WiFi networks including passengers’ Internet activity, and also was able to reach the planes’ satcom equipment, he says, all of which in his previous research he had concluded – but not proven – was possible. And there’s more: “In this new research, we also managed to get access to important communications devices in the aircraft,” Santamarta, principal security consultant with IO/Active, says.
From Wired Article: Tripwire security researchers found the Google Home and Google Chromecast could leak location data through unauthorised network connections. The IoT’s security issues run much deeper.
The Internet of Things (IoT)security problem isn’t going away. The connected network of billions of devices – from smart doorbells to office printers – is regularly found to have privacy problems and be open to attack by potential hackers.
The latest of these incidents? Google’s artificial intelligence Home speaker and the Chromecast, the firm’s streaming device, have been found to reveal a user’s precise physical location. Revealed by Tripwire security researcher Craig Young, the bug can make a person’s location known to an accuracy of around 10 metres.
A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines.
The talk – Hacking SCADA: How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code– reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections before discussing proof-of-concept attacks.
See The Register Article:
Pwned with ‘4 lines of code’: Researchers warn SCADA systems are still hopelessly insecure