[NBCCHICARGO.COM] A cyber security expert tells NBC5 Investigates he has found a way to hack into the satellite communications systems used in multiple industries.

“These devices are wide open right now,” said Ruben Santamarta, a security consultant based in Madrid, Spain with IOActive.

"For the aerospace sector we can disrupt satellite communications, [and] potentially modify the data that goes through those channels," said Santamarta

“For the aerospace sector we can disrupt satellite communications, [and] potentially modify the data that goes through those channels,” said Santamarta. Image: nbcchicargo.com

Pilots, ship captains and military personnel rely on satellite networks to communicate when there are no phone lines or wireless networks available.

“If someone can see the password or that user name it’s over,” he added. “Those vulnerabilities can be exploited to remotely compromise those devices.

Santamarta said he used something called reverse engineering — or decoding — to hack satellite communications equipment used in aerospace, maritime and military industries.

“In the military sector they use satellite terminals for combat units,” said Santamarta. “They normally encrypt the radio [transmissions] they send. But we can disrupt the satellite communications channel so we can prevent combat units [from asking] for help if they are being attacked.”

And in the maritime sector, satellite communications are used to send and receive vital information that affects the safety of the crew.

“If they are being attacked by terrorists, or they are suffering fire, they can send a distress call,” he said. “But we found we can modify the firmware in some of those terminals, so we can prevent a crew from sending a distress call.”

Santamarta recently published a 25-page report and went public with his findings at Defcon 22 – the largest hacking conference in the world – held earlier this month in Las Vegas, Nevada.

“For the aerospace sector we can disrupt satellite communications, [and] potentially modify the data that goes through those channels,” said Santamarta. “In some cases you need physical access to compromise the devices we analyzed, but in other cases you can use Wi-Fi or the entertainment network to access that device.”

His research took place in a lab setting and has not been tested on an actual commercial plane. But his findings have raised concerns in the aviation industry.

Read the full story at NBCCHICARGO.OM here….

 


NBCCHICARGO.COM
21st August, 2014


 

 

 


[International Airport Review] Heathrow Airport Holdings (HAH) is reported to be planning to sell off Southampton, Glasgow and Aberdeen Airports by the end of the year.

The sale would mean that HAH, formerly British Airports Authority (BAA), would be left with just London Heathrow Airport. Photo: Wikipedia

The sale would mean that HAH, formerly British Airports Authority (BAA), would be left with just London Heathrow Airport. Reports claim that the sale would be in order to fund further development projects at the world’s third busiest airport.

A statement from HAH read: “Over recent months Heathrow Airport Holdings group shareholders and management have been considering their strategic position in relation to our three airports, Aberdeen, Glasgow and Southampton.

“As a result the group is now formally entering a sale process. While there is currently no certainty that a sale will be concluded, the group intends to work towards completing a transaction by the end of the year.”

In addition to London Heathrow, Aberdeen, Glasgow and Southampton, BAA once also owned Gatwick, Stansted and Edinburgh Airports as well, but following a performance inquiry by the Competition Commission (now the Competition and Markets Authority), BAA were ruled to sell Gatwick, Stansted and either Glasgow or Edinburgh Airports in order to break up the monopoly.

Following the ruling, Global Infrastructure Partners purchased Gatwick Airport in 2009 and Edinburgh in 2012, and Stansted was purchased by Manchester Airport Group in 2013.

 

Read the original story at International Airport Review…..

 


International Airport Review
7th August, 2014
 


 


[Euractiv.com] Russian Prime Minister Dmitry Medvedev threatened on Tuesday (5 August) to retaliate for the grounding of a subsidiary of national airline Aeroflot because of EU sanctions, with one newspaper reporting that European flights to Asia over Siberia could be banned.

Low-cost carrier Dobrolyot, operated by Aeroflot, suspended all flights last week after its airline leasing agreement was cancelled under European Union sanctions because it flies to Crimea, a region Russia annexed from Ukraine in March.

“We should discuss possible retaliation,” Medvedev said at a meeting with the Russian transport minister and a deputy chief executive of Aeroflot.

The business daily Vedomosti reported that Russia may restrict or ban European airlines from flying over Siberia on Asian routes, a move that would impose costs on European carriers by making flights take longer and require more fuel.

Vedomosti quoted unnamed sources as saying the foreign and transport ministries were discussing the action, which would put European carriers at a disadvantage to Asian rivals but would also cost Russia money it collects in overflight fees.

Shares in Aeroflot – which according to Vedomosti gets around $300 million a year in fees paid by foreign airlines flying over Siberia – tumbled after the report, closing down 5.9% compared with a 1.4% drop on the broad index.

Siberia ban would force EU carriers into costly detours

At the height of the Cold War, most Western airlines were barred from flying through Russian airspace to Asian cities, and instead had to operate via the Gulf or the US airport of Anchorage, Alaska on the polar route.

European carriers now fly over Siberia on their rapidly growing routes to countries such as China, Japan and South Korea, paying the fees which have been subject to a long dispute between Brussels and Moscow.

Vedomosti quoted one source as saying a ban could cost airlines like Lufthansa, British Airways and Air France €1 billion over three months, but industry experts said that figure was probably too high.

Avoiding Russian airspace would probably be 25-50% more expensive than paying fees for transit, said Russian aviation consultant Boris Ryabok, estimating European airlines would lose around $100-200 million per year, less than the cost to Russia of the lost fees.

Lufthansa said it operates about 180 flights a week through Siberian airspace but declined further comment, as did British Airways.

The EU has widened its sanctions after last month’s downing of a Malaysian airliner over territory in eastern Ukraine controlled by pro-Moscow rebels, with the loss of 298 lives.

 

Read the full story at Euractiv.com…..

 


Euactiv.com
6th Aug, 2014



[Government Security News] The FBI Cyber Division has warned that the Aviation industry is under continual cyber-attack. Advanced Persistent Threat (APT) actors have been sending successful spear-phishing e-mails targeting the aviation community.

The FBI assesses that APT actors target technology, best practices, and other proprietary information from victim businesses for theft.

GCR has appointed Andre Allen as its new information & cyber security manager; Allen will spearhead GCR’s Cyber Security Practice to deliver cost-effective cyber security solutions with a primary focus on the aviation industry, the company says.

Allen will lead an experienced team of certified project managers and developers, some with high level government security clearance.

Andre Allen

Andre Allen

GCR provides cyber security solutions to the aviation industry partly due to the experience the company has in providing technology solutions to large airports.

The Cyber Security Practice will leverage GCR’s security architecture, policies, technologies and processes to produce automated cyber security solutions.

GCR is currently implementing automated cyber security solutions at a major U.S. airport.

“GCR leveraged the existing partnership with the airport to collaboratively deliver cyber security solutions that address the needs and challenges faced in the aviation industry,” said Tim Walsh, director of Aviation Services for GCR.

“We are excited about having Andre on our team as he brings a wealth of information and cyber security knowledge, specifically having been an IT security leader at the NASA Johnson Space Center for the past 15 years.”


Government Security News
5th Aug, 2014



[BBC News] A man has been arrested on suspicion of making a hoax bomb threat after military jets were called to escort a passenger plane to Manchester Airport.

Officers boarded the plane and arrested a passenger. Photo: Reuters / Andrew Yates

The Qatar Airways plane was escorted in to land by the Royal Air Force (RAF) following information received by the pilot.

Greater Manchester Police said it was treating it as a “full emergency”.

Armed police boarded the Doha to Manchester plane and arrested a passenger on board. All flights in and out of the airport were suspended for about 25 minutes.

The plane involved was an Airbus A330-30, which had 269 passengers and 13 Qatar Airways crew on board. It was escorted by Typhoons from RAF Coningsby in Lincolnshire.

Operations at the airport resumed at about 14:00 BST after the plane landed at a terminal. Passengers have been disembarking from the plane “as normal”, an airport spokesman said.

Josh Hartley, who boarded the plane at Doha in Qatar, said: “Well when the escort came it was very scary – I’m pretty shook up now.”

BBC News – Photo: Reuters

 

Read the full story here at BBC News…..

plane

Photo courtesy Josh Hartley / BBC News

Full BBC News updates here…..

 


BBC News
5th Aug, 2014



[World Bulletin] Cybersecurity researcher Ruben Santamarta says he has figured out how to hack the satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems – a claim that, if confirmed, could prompt a review of aircraft security.

“In theory, a hacker could use a plane’s onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications”

Santamarta, a consultant with cybersecurity firm IOActive, is scheduled to lay out the technical details of his research at this week’s Black Hat hacking conference in Las Vegas, an annual convention where thousands of hackers and security experts meet to discuss emerging cyber threats and improve security measures.

His presentation on Thursday on vulnerabilities in satellite communications systems used in aerospace and other industries is expected to be one of the most widely watched at the conference. “These devices are wide open.

The goal of this talk is to help change that situation,” Santamarta, 32, told Reuters. The researcher said he discovered the vulnerabilities by “reverse engineering” – or decoding – highly specialized software known as firmware, used to operate communications equipment made by Cobham Plc, Harris Corp, EchoStar Corp’s Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd.

 

In theory, a hacker could use a plane’s onboard WiFi signal or inflight entertainment system to hack into its avionics equipment, potentially disrupting or modifying satellite communications, which could interfere with the aircraft’s navigation and safety systems, Santamarta said.

He acknowledged that his hacks have only been tested in controlled environments, such as IOActive’s Madrid laboratory, and they might be difficult to replicate in the real world.

Santamarta said he decided to go public to encourage manufacturers to fix what he saw as risky security flaws. Representatives for Cobham, Harris, Hughes and Iridium said they had reviewed Santamarta’s research and confirmed some of his findings, but downplayed the risks.

For instance, Cobham, whose Aviation 700 aircraft satellite communications equipment was the focus of Santamarta’s research, said it is not possible for hackers to use WiFi signals to interfere with critical systems that rely on satellite communications for navigation and safety.

The hackers must have physical access to Cobham’s equipment, according to Cobham spokesman Greg Caires. “In the aviation and maritime markets we serve, there are strict requirements restricting such access to authorized personnel only,” said Caires. A Japan Radio Co spokesman declined to comment, saying information on such vulnerabilities was not public.

Read the full story here…… 

 


World Bulletin 4th Aug, 2014



[BBC News] A pilot in the US ordered and paid for pizzas for a plane full of passengers after they were held on the tarmac in Wyoming.

abb

Gerhard Bradner ordered 50 half cheese and half pepperoni pizzas for the passengers – who waited for two hours waiting for bad weather to clear in Denver.

Mr Bradner told Phil Williams on BBC Radio 5live that he had since been called by the airline’s president who has promised to reimburse him for the cost.

Read the full story here…..

 


BBC News
9th July, 2014


 


[airport-technology.com] A consortium comprising Air France, Orange, SITA, Toulouse-Blagnac Airport and RESA will offer near field communications (NFC) technology to Air France passengers.

“This trial with Air France and Orange marks the first NFC boarding pass that provides a truly interoperable and scalable solution for the industry.

Photo: courtesy of SITA.

Using the  Touch&Pass app, passengers travelling on Air France flights from Toulouse-Blagnac to Paris-Orly can complete the entire boarding process through their Orange NFC-based smartphones, providing a seamless boarding experience.

The passengers will also receive their boarding pass on their smartphones, which will be automatically read and located by the RESA reader.

Air France KLM ground product innovation manager Jean-Christophe Gaudeau said that Air France is committed to constantly searching for new products, innovative solutions and services that can improve the travel experience for its customers.

“Air France’s participation in the testing of NFC technology at boarding illustrates its desire to be a pioneer in the field of innovation for the benefit of our passengers,” Gaudeau said.

SITA chief technology officer Jim Peters said: “This is…..

Read the full story at airport-technology.com…..

 


airport-technology.com
7th July, 2014



[Daily Telegraph] As many as 13 planes flying over Europe vanish from radar screens in an “unprecedented” series of blackouts that lasted 25 minutes with claims air traffic control could have been hacked.

So far experts are at a loss to explain what caused the aircraft to disappear

An air-safety investigation has been launched after 13 planes flying over Europe disappeared from radar screens in two “unprecedented” blackouts, leading to reports stating air traffic control systems had been hacked.

The aircraft went missing from screens across the region in early June, leaving air traffic controllers with no information about their position, direction and height – instead relying on voice communication alone.

Air traffic control centres in Austria, southern Germany, the Czech Republic and Slovakia all reported the same problem with each period of interference lasting around 25 minutes but varying from flight to flight.

Marcus Pohanka, from Austro Control, described the incidents, which occurred on June 5 and June 10 as “unprecedented,” although the authorities stressed that all the aircraft involved continued with their flights as normal.

Concerns over air safety and radar have been heightened since the disappearance of a Malaysian Airlines flight in March.

Read the full story at The Daily Telegraph…..

 


The Daily Telegraph

13th June, 2014

 


 


[DFNIonline.com] London Heathrow airport chief executive officer Colin Matthews is to stand down later this year.

Colin Matthews has been at the helm since March 2008. Image: BBC News 

Matthews joined the airport in March 2008 and under his leadership the proportion of passengers rating their journey through Heathrow as good or excellent increased from less than 50% to more than 75%.

Terminal 5 has been voted by passengers as the world’s best airport terminal for the past three years and the airport has constructed the new T2 which is set to open in June.

London Heathrow was also official gateway for the London 2012 Olympic and Paralympic Games and the option for a third runway was shortlisted in December 2013 by the Sir Howard Davies’ Airports Commission.

Matthews said: “It has been a privilege to serve as CEO of Heathrow for the last six years. With a strong leadership team, the company continues to raise standards of passenger service, improve efficiency and reduce costs.

The opening of terminal two: The Queen’s Terminal in June this year is a further important step in the transformation of Heathrow and long-term prospects are bright following the decision of the airport’s Commission to shortlist our proposal for a new runway.

So once terminal two has opened later this year, I have decided the time is right to pass on the baton.”

Read the full story at DFNIonline.com…..

 


DFNIonline.com
31st March, 2014

Andrew Pentol


Enhanced by Zemanta