Thursday, 14 August 2014

Aircraft hacking myths busted

Two avionics experts have explained why it is impossible for an attacker to take remote control of a commercial airliner.

Speaking at the Defcon 22 conference in Las Vegas Dr. Phil Polstra and Polly Kadolph explained in detail why some types of attacks are impossible and others are exceptionally unlikely to succeed.

The Register covers some of the technical detail but see below for a non-technical summary:

  • You can't hack the entertainment system and then connect to more important systems, such as the flight controller.
  • There is no way to access critical systems using wireless networks.
  • The way an aircraft's networks are set up means that they are not compatible with the sort of networks familiar to most computer experts.
  • All major control systems can be operated manually by the pilot(s).
  • Pilots won't just blindly follow what they are told by air traffic control (ATC), or someone pretending to be ATC.
  • Pilots always have control of the plane, even if its electronics fail or fall under someone else's control.
  • The auto-pilot can be turned off.

Friday, 20 June 2014

Mobile phone kill switches

Microsoft and Google have just announced so-called kill switches for Windows Phone and Android devices.

Apparently this is a response to a reduction of iPhone thefts reported since Apple introduced Activation Lock into iOS 7.

Kill switches are great in principle but hard to implement properly.

Don't assume that a kill switch will 'brick' a phone.

A kill switch is a way to render a lost or stolen phone useless, but currently they don't really do that. Or not fully, at least.

Users can lock or wipe Android devices remotely using third-party apps and, more recently, the Android Device Manager. Windows Phone users will soon see similar abilities included in the Find My Phone feature.

Wiping resets the device and that effectively means the thief (or whoever finds it) gets to keep a fresh and functional gadget. A locked smartphone can be reset too. The data may be wiped but someone else gets the benefit of your expensive hardware.

It's been possible to lock and wipe mobile devices from the major vendors for a while now. The real news is that these security features will soon be enabled by default.

The official statement from Attorney General Schneiderman includes, right at the end, the following:
"Because kill switches are only available on an opt-in basis, not enough consumers are signing-up. This underscores the urgency... to make kill switches a standard opt-out function on all phones."
So we've had kill switches for a while and now they will be opt-out. So far so good.

The kill switches used or planned by Apple, Google and Microsoft are based on software. As we know, there are ways to resurrect a phone locked down by software.

A more effective option would be to build new phones with hardware kill switches. Imagine a fuse that can be blown remotely. The device would then be properly 'killed' and would require expensive repairs to restore the device.

Hardware kill switches bring their own problems.

  1. How do you test that they work without destroying your new phone?
  2. If you can't test the kill switch, how confident are you that it will work when you need it?
  3. You might 'brick' your lost phone and then find it down the back of the sofa.

If introducing software security features reduces thefts of expensive devices then it's worth doing, but users should be aware of the limitations inherent in this approach.

One final thought: if an unauthorised individual or organisation was to gain access to your account they would be able to kill your phone, tablet or other mobile device. If the kill switch was a software version then you'd experience significant inconvenience. If it was of a hardware type you'd face additional cost.