Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:03):
In a world of connected vehicles, the real drivers might
be the hackers. I'm Jonathan Strickland, and this is TechStuff
Daily. In information security, there's a practice called penetration testing.
The concept is pretty simple. A hacker or team of
hackers attempts to gain entry into what is supposed to
(00:23):
be a secure system using various hacking techniques. The goal's
to expose any security vulnerabilities that need to be patched
to make the system more impenetrable. Recently, a private company
working with the Department of Homeland Security revealed that it
was able to gain remote access to the on board
systems of a Boeing seven fifty seven back in six
(00:44):
at an airport in Atlantic City, New Jersey. While the
DHS says the hacking team couldn't get access to the
aircraft's flight control systems, this is still obviously a huge concern.
The Department of Homeland Security was understandably reticent to
share details of the successful attack. But here's what we
do know. The intruder was able to access certain on
(01:06):
board systems remotely via radio frequencies without having physical contact
with the plane. The intruder also didn't rely upon collusion.
There was no one on board the plane on the
intruder's side, in other words. So it sounds like this
researcher was able to use a fairly simple piece of
equipment that could pass through airport security and gain access
(01:27):
to the seven fifty seven's communication systems. According to the DHS,
that's all the researchers were able to take over, and
that is enough to be extremely troubling. But the DHS
stressed that the researchers could not affect the flight path, software,
or any of the actual controls of the aircraft. Typically,
aircraft network systems are designed in such a way to
(01:48):
prevent an intruder from getting to the avionics or flight
controls part of an aircraft system. Historically, the way to
do this was to have what is called an air gap.
An air gap is when you create either a computer
or network that has no connection to a larger outside network.
A PC with no wired or wireless connections to the
Internet would have an air gap. There's no way for
(02:10):
a hacker to connect to the machine without first gaining
physical access to it. Even with air gaps, you typically
have communications and avionics depending upon the same general network.
The two systems wouldn't have a direct line of communication
between them, but would refer to some form of common
communication interface. Air gaps are more common between passenger networks
(02:31):
and critical systems. In other words, if you connect to
the in-flight Wi-Fi, you don't magically get access to
an aircraft's critical systems. That's generally considered a good thing.
As all sorts of vehicles have become more advanced and connected,
we've seen multiple examples of poor security implementations that could,
under the right circumstances, lead to catastrophe. A couple of
(02:52):
years ago, some security researchers demonstrated that they could hack
into certain Cherokee models remotely and affect the vehicle's behavior,
including the sound system, windshield wipers, and even the accelerator.
This was a fairly recent development. Previously, security experts needed
physical access to a vehicle in order to make a
wired connection between their computers and the car's onboard computer system.
(03:14):
As we've trended more toward a wireless infrastructure, opportunities to
exploit vulnerabilities have increased. So how do you fix it? Well,
in the case of cars, it requires massive recalls to
address hardware in some cases, but in others you can
fix it with a software patch, which, depending upon the
problem and the car manufacturer, might allow owners to download
(03:35):
the update directly to their vehicle without leaving the driveway.
But with planes, it's a little more complicated. According to
Robert Hickey, who is an aviation program manager at the
Department of Homeland Security's Science and Technology Directorate Cybersecurity Division,
any fix for Boeing aircraft would be both time consuming
and expensive. Specifically, he said, quote, "The cost to change
(03:59):
one line of code on a piece of avionics equipment
is one million dollars and it takes a year to implement."
Hickey said that newer aircraft models have better security measures,
but that's not a huge comfort since the commercial aircraft
in operation are legacy models, which means they are older
models that lack the latest security measures. So in short,
(04:19):
there is a relatively simple hack that relies on radio
communications devices that anyone could get through airport security and
potentially compromise the communication system on an aircraft. Whether you
maintain control of the system once the aircraft moves out
of transmission range hasn't been discussed, and it may be that you'd
have enough influence to prompt a flight cancellation and that's it.
(04:39):
That's still incredibly disruptive. Of course, the larger fear is
that you'd have a perpetual back door into a plane's
onboard network, and there's always the concern that somehow in
the future hackers will find a way to affect avionics
and not just communications. There are hard lessons to learn
in the information age, and it seems like we must
relearn some of them every year. We have to keep
(05:00):
in mind that along with all the benefits wireless technologies
have to offer, there are potential drawbacks. If we keep
that in mind from the start, we're more likely able
to address design flaws before they become part of a
final product. That's all for today. To learn more about
internet security, avionics, the science of flight, and more, subscribe
to the TechStuff podcast. We publish on Wednesdays and
(05:21):
Fridays and do a deep dive in all things in
the world of technology. I'll see you against It.