• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit

April 12, 2013 By Corey Nachreiner

CISPA, Game Dev Breaches, and Android Plane Hack

Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.

By the way, I apologize for the shaky camera. I forgot my tripod on this trip and shooting video with a busy schedule has its challenges. Don’t forget to check out the Reference section if you want to learn more.

(Episode Runtime: 7:53)

Direct YouTube Link: http://www.youtube.com/watch?v=8tke-MEdmtA

Episode References:

  • Skype phishing leads to bitcoin mining trojan – Securelist Blog
  • House Intelligence panel says OK to CISPA – Computer World
  • Winnti Game Dev attack details – Securelist Blog
  • uPlay hack allows criminals to steal Ubisoft games – Techspot
  • Researcher shows how to hack an airplane with an Android smartphone – The Register
  • Airplane hacking presentation by Hugo Teso [PDF] – HITB.org
  • Extras:
    • FBI gets Verizon to track an aircard – Wired
    • Security experts don’t like Facebook Home – PC World
    • Bitcoin hacker hunted – SC Magazine
    • Brainwave passwords? – Techcrunch

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Bitcoin, CISPA, Google, Hacked, Hacking, Hacking Airplanes, Infosec news, Malware, PlaneSploit, SIMON, Software vulnerabilities, Updates and patches, uplay hack, Winnti

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    April 14, 2013 at 12:59 pm

    Hugo Teso, with no doubt, attract public attention to the problem of weak protection of on-board aircraft systems and their sub-components (like ACARS and ADS-B). And it happened just in time. I’ll try to explain why.
    1. “Many different data types to upload” and “Many FMS (Flight management system) manufacturers, models and versions” interpreted by Hugo as main vulnerabilities (in his presentation). But I’ve also see “other side of the coin”. If there are many manufacturers, models and versions – then exploiting one particular set of devices from Rockwell Collins (on a particular version of particular real-time OS) doesn’t mean compromising Honeywell set of devices (worked under another real-time OS). It’s not the same, as create exploit for Windows 7, for example. Windows 7 installed on millions of PCs around the world, but for aircraft sub-systems there are a lot of base real-time OS_ems, like: vxWorks, INTEGRITY-178B, LynxOS, Qnx etc. “Once created – widely used” it’s not a case for hacks like this (with “SIMON” toolkit or similar).
    2. This particular hack shows that “hack of aircraft on-board systems is possible”. It’s not a sign of “big disaster coming”, or something like that. Hugo spent three years developing the code to create stand model on a particular set of devices. But it’s great, that “hack on-board systems” concept was presented right now, then “Many FMS manufacturers, models and versions” are created, and then manufacturers, ground service providers and airlines can take preventive measures protect on-board systems. Long before active/massive hacking of such systems will be possible.

    Reply
  2. www.eciggieuk.com says

    June 7, 2013 at 3:56 pm

    What you published made a bunch of sense. But,
    consider this, suppose you composed a catchier post title?
    I ain’t suggesting your information is not solid., however what if you added something that makes people want more? I mean WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit | WatchGuard Security Center is a little vanilla. You should look at Yahoo’s
    home page and see how they write article headlines to grab people interested.
    You might add a related video or a related pic or two to get people interested about
    what you’ve written. In my opinion, it might bring your posts a little bit more interesting.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use