Digging Deeper into Aviation Security presented at HITBSecConf Malaysia 2013

by Hugo Teso,

Summary : Still focusing on the same target, aircrafts, this presentation we will detail and exploit new aviation protocols weaknesses and avionic systems vulnerabilities.
If previously we saw how to use a combination of ADS-B and ACARS in order to exploit Flight Management Computer vulnerabilities and take partial control of the aircraft navigation system, now we will improve the attack by adding new vectors, vulnerabilities and post-exploitation techniques that overcome most of the limitations of the previous approach.
The complete attack will be accomplished remotely, without needing physical access to the target at any time, and real avionics systems (Software and sometimes Hardware) will be used.
Finally a new proof of concept will be shown to help understand the concepts and attacks explained.