Mapping the aviation attack surface: plain text rules the skies
Track 1 – 2:35pm
Ken Munro Founder and Partner, Pen Test Partners
Bio
Ken Munro is a security researcher and founder and partner at Pen Test Partners, the UK’s largest independent penetration testing firm, with an established presence in the USA. He focuses on real-world security problems in connected products and embedded systems, including smart home devices, automotive systems, critical national infrastructure, and aviation technology. Ken and his team responsibly disclose vulnerabilities at scale, and he regularly shares practical lessons through conference talks and media commentary. Ken has become a voice for reform and legislative change, speaking at TEDx, briefing UK and US government departments, as well as being involved with various EU consumer councils.
Talk Abstract
Flying is safe, one of the safest forms of transport available, yet many of the communication protocols used are still, remarkably, plain text or similarly exposed.
We’ll look at the attack surface of a modern airliner, together with the ground systems that it interfaces with, both when airborne and when landed.
Even more recent protocols aren’t as secure as they should be. Fortunately, one can’t simply take control of a plane from a seat in economy, despite some highly misleading press coverage that has suggested otherwise.
The talk will cover airborne domains, segregation, digital comms, ACARS, ADS-B, CPDLC, GPS, FAP, CMS, ACD, AISD, PIESD, PODD, LSAPs, AFDX and plenty more unintelligible acronyms
Ken is a shit pilot, with >300 hours of airtime, covering multiple engine failures, undercarriage hangups, airproxes (aka near misses) and landings at the wrong airport. Fortunately you’re all safe, as his commercial pilot career never went anywhere other than tinkering in the avionics bays of Boeing and Airbus tin.
Intended Audience
Those interested in OT security as well as aviation
How NSFW is this talk?
(How spicy is your talk in chilli's?)
no chilies.