Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Pen-tester Banned from flights !!

Comments

  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Does anyone think he was pushing for Creds , being that he is a "Certified" tester, or from a reputable body ?


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    A Ban on laptops?,...... and scanning for high performance rooted phones? soon to be added to the list of airport checks ?


  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    More likely bans on all those who speak their mind. So the malicious "quiet" hackers won't even be looked at, but if you blog/tweet/post about it, you're on the ban list.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Pardon the pun, but this could induce more Error 404's and planes not found !.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    What really freaks me out about this is that he found Two, not just one way in , the on-board Wifi and modules under the seats that have multi media functionality , he alleged that he can pull data from the planes main Bus , see fuel consumption's, temps , ...... deploy masks even turn off engines and silence cockpit alarms to the fact. ( doubt that though as every airliner has triplicate electronics systems its the law for avionics)

    He must be wiring RX ,TX to something to gain access to the under-seat units . But to be outright banned from flights indicates that there is an air of truth to some of it at least . This guy is going to have to drive around US for quite some time to come .


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    Well that's the thing, by law the systems need to be separate, they can't use the same bus for entertainment as the use for the engine control etc..

    Unless he's directly tapping into the bus that's controlling the engine, masks, oxygen etc... which again, I can't imagine being easily accessible in the cabin.

    I wonder has he put forward his penetration techniques to the airline to allow them to verify/fix the issue.

    The other side of it is, he "jokingly" said he could deploy the oxygen masks, what sort of gob****e posts that on twitter. He may as well have said, "I'm going to turn off the engines mid flight", the fear that surrounds flying has people on edge and the smallest suggestion of interfering with a plane will make authorities jump on you. He might be clever enough to pen test / hack, but he's not clever enough to keep his mouth shut on global platform.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    BoB_BoT wrote: »
    Well that's the thing, by law the systems need to be separate, they can't use the same bus for entertainment as the use for the engine control etc..

    Unless he's directly tapping into the bus that's controlling the engine, masks, oxygen etc... which again, I can't imagine being easily accessible in the cabin.

    I wonder has he put forward his penetration techniques to the airline to allow them to verify/fix the issue.

    The other side of it is, he "jokingly" said he could deploy the oxygen masks, what sort of gob****e posts that on twitter. He may as well have said, "I'm going to turn off the engines mid flight", the fear that surrounds flying has people on edge and the smallest suggestion of interfering with a plane will make authorities jump on you. He might be clever enough to pen test / hack, but he's not clever enough to keep his mouth shut on global platform.

    Agreed hence my "Does anyone think he was pushing for Creds"


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    Agreed hence my "Does anyone think he was pushing for Creds"

    He was on his way to speak at RSA, he didn't need additional creds.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    syklops wrote: »
    He was on his way to speak at RSA, he didn't need additional creds.

    So why make the ridiculous tweets , he is supposed to be a professional after all.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    So why make the ridiculous tweets , he is supposed to be a professional after all.

    Presumably he underestimated their response and response times. He sent the tweet as he sat in his seat, four hours later the feds were waiting for him when the plane landed.


  • Advertisement
  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Yes, I agree Syklops . But for a pro in the industry to do something like this, was he just seeking attention? as doing a lot of digging on the topic i cannot see how civilian accessed systems cross to the control and system buses of the plane. Certifications on planes are EXTREMELY strict and governance over the practices are the same.

    Most commercial jets use the Arinc 429 system and i can assure you no one is getting into that local or remote.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    Yes, I agree Syklops . But for a pro in the industry to do something like this, was he just seeking attention? as doing a lot of digging on the topic i cannot see how civilian accessed systems cross to the control and system buses of the plane. Certifications on planes are EXTREMELY strict and governance over the practices are the same.

    Most commercial jets use the Arinc 429 system and i can assure you no one is getting into that local or remote.

    He was maybe just alluding to his talk, which was on this very topic.

    Also, pardon me of being sceptical of "governance". I've worked in places which ticked all the boxes from a GRC point of view, but which I wouldn't ever have considered secure.

    The whole point of pen testing is after a product has been built, you test it. And you keep testing it until you are sure no-one else can do anything with the system once it hits the masses. He researched the issue and found stuff and that what was in his talk. Hopefully the feds got him to give his talk to them before they let him go.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Good points made there , only i still think he was very silly to take that approach , issues detected or not post 9/11 its not the brightest thing in the world to do, for one he is supposed to exude professionalism. That was not a professional move .


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Seems its actually being taken very seriously :-
    http://www.wired.com/2015/04/fbi-tsa-warn-airlines-tampering-onboard-wifi/

    I love this part lmfao :-
    Report any evidence of suspicious behavior concerning aviation wireless signals, including social media messages with threatening references to Onboard Network Systems, ADS-B, ACARS, and Air Traffic Control networks.

    So the staff will run about with net scanners now lols.

    Or :-
    oberts sent out his joke tweet in response to a report released last week by the Government Accountability Office indicating that unsecured connections between the passenger Wi-Fi networks and the avionics systems on some Boeing and Airbus planes could make it possible for a hacker to gain access to navigational controls and commandeer a plane.

    Can we have a vulnerability airline model number list please he he he he.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Some new models have rj45's under seats WTF ! i see what your saying about governance a little clearer now.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Excuse me sir are you hacking this flight ?

    No no i use a wifi transceiver to the port under the seat nothing to see here move along.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    syklops wrote: »
    Presumably he underestimated their response and response times. He sent the tweet as he sat in his seat, four hours later the feds were waiting for him when the plane landed.

    That's the most frightening part of all of this. That their response time was that amazingly fast.
    dbit wrote: »
    Some new models have rj45's

    Etihad planes come with network ports and wifi on board. I've seen their entertainment system boot and it's running an old version of Linux. I wouldn't have the gumption to give them an oul' pentest though.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Khannie wrote: »
    That's the most frightening part of all of this. That their response time was that amazingly fast.



    Etihad planes come with network ports and wifi on board. I've seen their entertainment system boot and it's running an old version of Linux. I wouldn't have the gumption to give them an oul' pentest though.

    So why did they airlines not respond to him?, he did try several times to notify them and got no response, Does it from on board the plane and immediately arrested.

    I wouldn't bother (to try) myself either as the penalties it suggests make me sad.


  • Registered Users, Registered Users 2 Posts: 36,538 ✭✭✭✭Hotblack Desiato


    dbit wrote: »
    So why did they airlines not respond to him?

    Because he's a complete spoofer, most likely

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    Because he's a complete spoofer, most likely

    Airlines were issued warnings from FBI on the back of what he told them.


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Because he's a complete spoofer, most likely

    Have you read anything about this story?


  • Registered Users, Registered Users 2 Posts: 36,538 ✭✭✭✭Hotblack Desiato


    Yes. Have you read what people in the aviation industry think of it?

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Registered Users, Registered Users 2 Posts: 36,538 ✭✭✭✭Hotblack Desiato


    dbit wrote: »
    Airlines were issued warnings from FBI on the back of what he told them.

    The FBI do not have jurisdiction or competence in this area.

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    The FBI do not have jurisdiction or competence in this area.

    LOL OK OK they did not arrest him off of a flight (The FBI) ( The FBI are powerless in state security matters lmfao), and these are not the droids you are looking for !.


  • Registered Users, Registered Users 2 Posts: 36,538 ✭✭✭✭Hotblack Desiato


    The FBI do not certify aircraft or avionics, the FAA do. You might as well ask a toaster designer to build you a suspension bridge. This guy's claims are being treated with derision in aviation forums, he doesn't know what he's talking about, he was looking for a little publicity and got more than he bargained for...

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    The FBI do not certify aircraft or avionics, the FAA do. You might as well ask a toaster designer to build you a suspension bridge. This guy's claims are being treated with derision in aviation forums, he doesn't know what he's talking about, he was looking for a little publicity and got more than he bargained for...

    Who said FBI regulate avionics and engineering design concepts then ? FBI deal with security risks , this is one.


Advertisement