1、-Aviation Cybersecurity: Technologyand Teamwork#RSACTalk objectivesAviation security primer.Share experiences.Contribute to future aviationsafety.Caveat: youre more likely tobe pwned through yourbusiness network and supplychain than through yourplanes & airports2Responsible disclosureAircraft are ha
2、rd to fix if anissue is found.We, and our friends andfamilies, fly.Disclose to vendors andregulators.3Hacking Satcom TerminalsDo you have any control overthe smart devices your crewsbring on board?How secure are the wirelessnetworks on board yourvessels?Have you checked theseparation of your on-boar
3、dnetworks?4How did we get started?5Aircraft accessund power6Aircraft connectivityVHF / HF7AirAirline InformationServices Domain(AISD)Aircraft ControlDomain (ACD)Passenger Information &Entertainment ServicesDomain (PIESD)GNSS (GPS/ Galileo)WAAS /EGNOSSATCOMNAV(ILS / VOR /DME / NDB)ADS-BTCAS2GHz MSSCG
4、CWQARSecondary radar(transponder)(3/4G, WiFi)9Aircraft10ACD Connectivity11ACD ConnectivityEFBs (Often iPads)AIDSPDLPMAT12Aircraft control databuses ARINC 429Legacy, point-to-point,one source, multiplerecipients+10v+/- 10v differential pairs12/100kbps32bit wordsSource/sink/data“1”Odds parity check-10
5、v13Aircraft buses AFDX (ARINC 664)Ethernet787 / A350 / A380+MACs / Virtual LinksUDP/ICMP/SNMP(!)Data concentrators14UpdatesDataloaders typically runARINC 615, layered over 429Primarily nav databases, butalso avionics softwareManual installationoverhead, code rarely signedDesire to update OTA15Hardware RE StrategySearch for datasheets (oftenvery old)Trace / buzz out pins(gah, conformal coating)SaleaeDataman / firmware binarydumpRO protection uncommon16The future (is now)Common core systemVxWorksLSAP1718
