Building on the concept of taking security out of the desktop and server closets from 2010 when we attacked cars and busses….and then earlier this year when we picked on tractors…..we are going to see if we can get ourselves into some hot water by picking on airplanes and missiles. This talk will examine the role of the computer systems in the modern plane and the challenges surrounding the implementation of the security in both the core systems that ensure 250+ tons of metal stays in the air…as well as the 3rd party companies that are meant to support them. We will put forth some practical ideas and theories on how to compromise the architecture and of course the scenario’s of “what if” will be worked through. The talk is designed to be a back/forth discussion with the audience specifically around the scenarios and the various controls in place within the plane’s network to identify and deal with any such argument we can put forth. We are going to focus on the commercial world of passenger transportation, however will touch upon the military crossovers where fully understood. We will discuss the data acquisition and modeling architectures as well as the BUS and core logic systems that are implemented within several identified plane types, and again as above we will run through scenarios and explain the logic involved in bypassing (fooling) the design. Quite simply put we will theorize on how to turn the engines off at 35000 feet and not have any of those damn flashing warning lights go off in the cockpit….needless to say this is all theory (Please don’t try this on the way home, and only use on a tame “owned” 747.) While we’re at it, we will examine those very same companies who produce components for the Boeing and Airbus industries and assess the military technology they produce, specifically that which is placed in the more “smart” type weapons, and how to influence the guidance and other targets, preferably “pre-build” again using a combination of research (Google ideas thanks to Johnny Long) and direct manufacturing influences.

Back to Derbycon 2011 video list