Hugo Teso (Security Consultant, n.runs Professionals)

PRESENTATION TITLE: Digging Deeper into Aviation Security

PRESENTATION ABSTRACT:

Still focusing on the same target, aircrafts, this presentation we will detail and exploit new aviation protocols weaknesses and avionic systems vulnerabilities.

If previously we saw how to use a combination of ADS-B and ACARS in order to exploit Flight Management Computer vulnerabilities and take partial control of the aircraft navigation system, now we will improve the attack by adding new vectors, vulnerabilities and post-exploitation techniques that overcome most of the limitations of the previous approach.

The complete attack will be accomplished remotely, without needing physical access to the target at any time, and real avionics systems (Software and sometimes Hardware) will be used.

Finally a new proof of concept will be shown to help understand the concepts and attacks explained.

ABOUT HUGO TESO

Hugo Teso works as a security consultant at n.runs Professionals in Germany. He has been working on IT security for the last 11 years, mainly in Spain. Also being a commercial pilot, he soon focused his attention on aviation security. Together with the development of some open source projects, like Inguma and Bokken, he has spent a lot of time on aviation security research and has presented some of the results in conferences like RootedCon, HITB and CyCon.