We’re starting to hear a lot about the Internet of Things (IoT) and the Industrial Internet these days. But what a lot of people aren’t aware of is that SCADA systems have been around for a long time, and more and more of these are being connected directly to the Internet. If you didn’t already know, “…a 747 is a big flying Unix host.”

The Register is reporting that at the recent Hack In The Box security summit in Amsterdam, Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, demonstrated attack code that can take full control of a commercial airliner’s flight systems and the pilot’s displays.

The Lab

The equipment used to build the exploit: second-hand commercial flight system software and hardware picked up on eBay.

The thing you should take away from this story isn’t a fear of flying. Teso spent three years working on the attack, and for obvious reasons, the actual attack vectors weren’t divulged during the presentation. Both the Federal Aviation Administration and the European Aviation Safety Administration have been informed and should be working to fix the holes.

However, with more and more makers building systems connected to the Internet, this should be a wake-up call for all of us not to make the same mistakes as the people building these legacy systems. Just because your weather station or smart meter isn’t connected to the Internet right now, or is “safe” behind your NAT and home firewall, doesn’t mean you shouldn’t think about security.

We’re right at the start of a revolution in home automation and control where (most?) everyday objects will start to have computing power, and be connected to the network. Let’s design some security in right at the start.

Alasdair Allan

Alasdair Allan is a scientist, author, hacker and tinkerer, who is spending a lot of his time thinking about the Internet of Things. In the past he has mesh networked the Moscone Center, caused a U.S. Senate hearing, and contributed to the detection of what was—at the time—the most distant object yet discovered.

