Targeting of transports, e.g. disrupting airport traffic and causing plane crashes by shutting down power to air traffic control towers,gaining access of rail computer systems and causing trains to be misrouted and crash, or even messing with the traffic lights network, causing serious accidents.
A security expert and trained pilot, Hugo Teso, created on April 2013 a framework according which, using a simple Android app, hacking an airplane is feasible. Naked Security by SOPHOS and HelpNetSecurity report that Teso created two tools to exploit vulnerabilities:
- An exploit framework named SIMON, and
- An Android app named PlaneSploit, which delivers attack messages to the airplanes’ FMSes.
Teso used the following tools:
- The Automatic Dependent Surveillance-Broadcast (ADS-B) (this surveillance technology, used for tracking aircraft, will be required by the majority of aircraft operating in US airspace by Jan. 1, 2020), and
- The Aircraft Communications Addressing and Reporting System (ACARS), a protocol for exchange of short, relatively simple messages between aircraft and ground stations via radio or satellite that also automatically delivers information about each flight phase to air traffic controllers.
- Flightradar24 flight tracker, which is a publicly available tool used for depicting air traffic in real time.
According to HelpNetSecurity, Teso demonstrated at the Hack In The Box Conference in Amsterdam the following functions:
- Please go here: A way of interacting with the plane where the user can dynamically tap locations on the map and change the plane’s course.
- Define area: Set detailed filters related to the airplane, for example activate something when a plane is in the area of X kilometers or when it starts flying on a predefined altitude.
- Visit ground: Crash the airplane.
- Kiss off: Remove itself from the system.
- Be punckish: A theatric way of alerting the pilots that something is seriously wrong – lights start flashing and alarms start buzzing.
However, both the European Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) released statements according which the abovementioned hacking attack is not –yet?— feasible.
As for cars, Johns Hopkins University Computer Science Professor Avi Rubin asserts at TED Taks that all our devices can be hacked, having the most destructive consequences, ranging from seizing control of cars’ brakes to stopping completely a human heart pacemaker.
McAfee issued a report entitled ‘Caution: Malware Ahead. An analysis of emerging risks in automotive system security’, exposing a feature list of embedded devices, as well as car hacks in today’s computerized automobiles.
The well-known magazine and website WIRED reports that Russian hackers modified a dilapidated Opel to drive by iPad. What could be the repercussions of this, now that modern cars have the ability to be remotely started by mobile phones, together with the fact that Google has developed the Driverless Car project?