Hacking Airplanes with SIMON and PlaneSploit

Title Image from Hugo Teso's HiTB Presentation

For those who thought hacking car systems or medical devices was bad, what if airplane systems were exploitable? Could you access a plane's supposedly secure communication system and monitor it, or even worse, take over the plane?

At this year’s Amsterdam Hack in The Box Security Conference, security researcher Hugo Teso demonstrated how this could be done…

From an Android Smartphone…

Teso is not only a security researcher, but also a commercial airline pilot. He created a test lab using airplane communication hardware that he was able to buy online. He then analyzed the system and created his own exploit code called SIMON and a custom smartphone app called PlaneSploit.

According to Forbes, Teso told the crowd that he could send radio signals to planes that would cause them to execute arbitrary commands such as changes in direction, altitude, speed, and the pilots’ displays.

And in a phone interview with Forbes’ Andy Greenberg, Teso said, “You can use this system to modify approximately everything related to the navigation of the plane, that includes a lot of nasty things.”

He was able to acquire all the hardware he needed online through sites like eBay. According to his slide presentation, some of the parts were, amazingly, as cheap as $9.99:


And he found that many of the communication links were not encrypted at all, or used only very light security. That let him do everything from passively eavesdropping on the signals to active attacks like jamming, replay and complete signal injection.

Teso is working with airline authorities to help rectify the situation. And no, he is not releasing the exploit code, so you won’t see a PlaneSploit module in Backtrack any time soon!

For more information check out his Presentation slide show on the HitB website.

Hacktivists jump into North Korea DDoS and Defacement War

N Korea Anonymous

As North Korea’s militaristic threats against the US increase, so do the website attacks. But it would seem that so far, N. Korea is on the receiving end as hacktivists jump into the fray.

There has been a flood of activity over the last few days, though mostly one sided.

On April 2nd, the US Forces Korea military website went down with a Gateway error:


As this article is written, the site is still down:

US_Korea_Website 2

The official word so far is that it is an internal server issue and not related to a cyber attack.

But North Korean sites seem to be a different story. Apparently the hacktivist group “Anonymous” has been very busy indeed. As of today anyone visiting N. Korea’s Twitter page will see this:

Twitter Hacked

Tango Down, cute! And a look at their latest tweets:

N Korea Twitter

And their Flickr page:

N Korea Flickr

Hmm… Some of those images don’t seem to follow the party line, especially the caricature of “Dear Leader”. Though the Flickr page seems to have been corrected since this morning.

Pro-North Korea news site Uriminzokkiri.com and several others also seem to be currently offline:

N Korea Websites Down

It would appear that the Uriminzokkiri site hasn’t been hacked, but is down, possibly due to a Distributed Denial of Service (DDoS) attack: a flood of network traffic that ties up the server and effectively takes it offline.

It seems that the majority of the attacks are coming from the hacktivist group “Anonymous”. One post attributed to Anonymous contains a list of their demands towards North Korea:

We demand:
– N.K. government to stop making nukes and nuke-threats
– Kim Jong-un to resign
– it’s time to install a free direct democracy in North Korea
– uncensored internet access for all the citizens!

And to Kim Jong-un:

So you feel the need to create large nukes and threaten half the world with them?
So you’re into demonstrations of power?, here is ours:
– We are inside your local intranets (Kwangmyong and others)
– We are inside your mailservers
– We are inside your webservers

The post also contained what seemed to be account information from one of the hacked websites.

The popular patriot hacker “The Jester” also claimed that he took down several websites that Anonymous claimed credit for in this tweet:

North Korea Jester

So what does this all mean? Is this the beginnings of a cyber war?

LOL, no…

Though DDoS attacks are irritating and do disrupt website usage, they are not a deadly attack. Sorry, mainstream media, this is not a “Cyber War”. Nor is defacing a Twitter account or other social media site a devastating military attack.

Sure, the website owner loses face and obviously has security issues, but this is more of a psyops-type message than a kinetic attack, where property is damaged and lives are in danger.

And while several North Korean websites have been downed or defaced, it is not the focal point of the North’s power (The country only has like 35 websites total…).

Let’s not forget that they have the world’s fourth largest army, have dug tunnels under the North/South border that could possibly hold thousands of troops, and have nuclear-tipped missiles aimed at the US and her allies.

Volatility Memory Analysis Article Featured in eForensics Magazine

eForensics April 2013

Check out this month’s issue of eForensics Magazine for my article on Memory Analysis using Volatility 2.2 and DumpIt!

“Analyzing system memory for artifacts is a technique used by forensic analysts, security specialists and those that analyze malware.

In this article we will cover how to obtain a complete copy of system memory from a computer using the easy to use program “DumpIt”. We will then take this memory dump and analyze it with the popular memory analysis tool “Volatility”.

With Volatility, you can pull a list of what software was installed on a system, what processes were running, what network connections were active, and a whole lot more.

We will look at all of this and even see how to pull password hashes from a memory dump. Lastly we will try our hand at analyzing a memory image infected with a sample of Stuxnet.”
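As an added example (not code from the article, the magazine or the Volatility project), here is a small Python script that parses a constructed listing in the layout of Volatility 2.2’s `pslist` output and flags process-tree anomalies: a core Windows process whose parent is not the one the boot chain should give it, or more than one copy of a process that should be a singleton. This is the kind of check that exposes the extra lsass.exe processes Stuxnet is known to spawn. The sample rows, the Windows XP parent table and the function names are assumptions for illustration; on a Vista or later profile the expected parents differ.

```python
"""Sanity-check a Volatility 2.x `pslist` listing for process-tree anomalies.

Added example, not code from the article or from Volatility: a parser over
constructed pslist text that applies the Windows XP parent/child rules an
analyst normally checks by eye.
"""
import re
from collections import Counter, namedtuple

Proc = namedtuple("Proc", "offset name pid ppid threads handles start")

# Constructed sample in the layout of `vol.py -f mem.raw --profile=WinXPSP3x86 pslist`
# (not real output from the article's image). Note the three lsass.exe entries.
SAMPLE_PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ --------------------
0x823c8830 System                    4      0     59      403 ------      0
0x820df020 smss.exe                376      4      3       19 ------      0 2010-10-29 17:08:53
0x821a2da0 csrss.exe               600    376     11      395      0      0 2010-10-29 17:08:54
0x81da5650 winlogon.exe            624    376     19      570      0      0 2010-10-29 17:08:54
0x82073020 services.exe            668    624     21      431      0      0 2010-10-29 17:08:54
0x81e70020 lsass.exe               680    624     19      342      0      0 2010-10-29 17:08:54
0x81fe5a78 svchost.exe             856    668     17      193      0      0 2010-10-29 17:08:55
0x81c498c8 lsass.exe               868    668      2       23      0      0 2011-06-03 04:26:55
0x81e61da0 lsass.exe              1928    668      4       65      0      0 2011-06-03 04:26:55
"""

# offset, name, pid, ppid, threads, handles, session, wow64, optional start time
ROW_RE = re.compile(
    r"^(0x[0-9a-fA-F]+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\d+"
    r"(?:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}))?"
)

# Parent each core process should have on Windows XP (assumed table for the
# example). Vista and later start services.exe/lsass.exe from wininit.exe.
EXPECTED_PARENT = {
    "smss.exe": "System",
    "csrss.exe": "smss.exe",
    "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe",
    "lsass.exe": "winlogon.exe",
    "svchost.exe": "services.exe",
}
# Processes of which a healthy XP box runs exactly one.
SINGLETONS = {"System", "smss.exe", "services.exe", "lsass.exe"}


def _num(field):
    """pslist prints '------' for unavailable counters; map those to None."""
    return int(field) if field.isdigit() else None


def parse_pslist(text):
    """Turn pslist rows into Proc tuples, skipping the header and separator lines."""
    procs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            offset, name, pid, ppid, thds, hnds, start = m.groups()
            procs.append(Proc(int(offset, 16), name, int(pid), int(ppid),
                              _num(thds), _num(hnds), start))
    return procs


def find_anomalies(procs):
    """Return (pid, name, reason) tuples for processes breaking the expected tree."""
    by_pid = {p.pid: p for p in procs}
    counts = Counter(p.name for p in procs)
    findings = []
    for p in procs:
        expected = EXPECTED_PARENT.get(p.name)
        if expected is not None:
            parent = by_pid.get(p.ppid)
            actual = parent.name if parent else "missing PPID %d" % p.ppid
            if actual != expected:
                findings.append((p.pid, p.name,
                                 "parent is %s, expected %s" % (actual, expected)))
        if p.name in SINGLETONS and counts[p.name] > 1:
            findings.append((p.pid, p.name,
                             "%d copies of a normally single process" % counts[p.name]))
    return findings


if __name__ == "__main__":
    for pid, name, reason in find_anomalies(parse_pslist(SAMPLE_PSLIST)):
        print("PID %5d %-14s %s" % (pid, name, reason))
```

Run against the sample, the script reports the two lsass.exe processes (868 and 1928) whose parent is services.exe rather than winlogon.exe, and flags all three lsass.exe entries because only one should exist. The same parse-and-rule approach extends to other listings (connections, hivelist) once the column pattern is adjusted, and a parent-name mismatch is worth more than a PID check alone, because PIDs are reused after reboots.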

The magazine also includes:

  • Cold Boot Memory Forensics by Alexander Sverdlov
  • MALWARE FORENSICS & ZEUS by Mikel Gastesi, Jozef Zsolnai & Nahim Fazal
  • Establishing a Center for Digital Forensics Investigative Services on the Cloud by Dr. Rocky Termanini
  • Digital Continuity of Government Records by Dr. Stilianos Vidalis
  • And more!

Check it out! (Subscription Required)

What part of America could N. Korea hit with Missiles?

North Korea continues to threaten the US, and this weekend was no different. On Saturday they stated that they had entered a “state of war”. And today South Korea warned of a strong response to any provocation, as F-22 Raptors arrived at the main US air base in S. Korea and combined US/S. Korea military exercises continued.

The problem is, it is hard to tell if N. Korea will truly escalate or if it is just part of their standard threats that stream out from their leadership. The threats are so constant it is hard to take them seriously. According to CNN one US official stated, “There is pot-banging and chest-thumping, but they have literature attracting tourists that explicitly says pay no attention to all that (public) talk about nuclear war or another kind of war.”

At the end of last week there seemed to be little visual proof that N. Korea was moving forward with its threats. But what if things did escalate?

Any type of “cyber war” against the North would be short lived: there is very little attack surface, their power supply is suspect at best, and they only have about 35 websites. But they do have the 4th largest army and, more importantly, nuclear-tipped missiles.

But what is the range of their missiles, and could they hit the US? The video above from CNN shows the estimated range of N. Korea’s missile arsenal. According to the video, some missiles could strike Alaska. Their latest rocket, the Unha 3, could reach a large section of the Western US, but it has not yet been tested as a missile.