Just when we were getting flight attendants to relax the electronic device restrictions on flights, a German security consultant has demonstrated a real-world hack and takeover of an airplane’s critical guidance and control systems using an app he built that runs on an Android smartphone. Hugo Teso of n.run, who is also a trained commercial pilot, demonstrated the exploit at the Hack in the Box conference in Amsterdam, and has developed a framework and app as a means to illustrate just how poor the current state of aviation security actually is. Teso designed the framework to be unusable outside his simulation environment, but he maintains that his environment mirrors technology that is currently in use throughout the aviation industry. On top of being able to completely own the Flight Management System (sometimes referred to as the “Autopilot”) of an aircraft, Teso’s app, named “PlaneSploit”, demonstrated how, once complete control of the aircraft’s control systems was obtained, the actual operation of a flying aircraft could be remotely controlled from a smartphone.
Teso has carefully kept his research private, and has been working closely with the aircraft industry to help them close the gap on the many security vulnerabilities that exist in the thousands of aircraft in use today. Even still, it’s possible that other security analysts could uncover the same exploitable weaknesses in avionics platforms, and perhaps behave less altruistically than Teso. Also keep in mind that the autopilot systems can be manually overridden and the aircraft flown “by hand” using backup analog instrumentation. The trick, Teso reminds us, is that unless the pilot knows the plane has been hacked, he won’t know to take over control until the damage has already been done.
What this means for you:
Unless you are a commercial pilot, or someone of influence in the airline industry, I’m afraid there’s not much you can do about this except continue to raise awareness with everyone around you about technology security. Even though I sincerely doubt we’ll see any real-world plane hijackings via smartphone any time soon, now that this Pandora’s Box has been opened, it may never be shut again.
Matt Honan, the Wired writer who had his digital identity stolen in a harrowing cyberattack last year, is back with another chilling article about yet another technology failing to protect us: this time it’s our beloved smartphones. More specifically, it’s the ones we’ve left behind, donated or possibly even sold via eBay, when we upgraded to a newer mobile device. The problem? Even though we may “wipe” the phones, the process may still leave enough information behind for a wiped phone to reveal sensitive information about its owner, including where the phone has been (geographically), what websites have been visited, and even phone numbers, addresses and other confidential data we thought erased.
What this means for you:
Depending on the type of phone you are discarding, and how it is wiped, this may or may not be an issue for you. For example, iPhones after the 3G mentioned in the article are encrypted by default, and if “reset” properly, the encryption key is destroyed, rendering any data on the phone unreadable, even if it is recovered. Most large organizations with a savvy IT department will only allow smartphones to access corporate email and files after your phone has been configured with proper security settings, up to and including an encrypted partition to store your email and any files you might access from the corporate network. Most Android phones should be able to encrypt all data (check “Settings -> Security”), depending on the version of Android your phone is running, providing the same type of protection that Apple has on its late-model iPhones.
I can hear you saying, “I don’t have any data on my phone that is sensitive,” and unless you are 100% sure of this, always assume there is something on your phone you don’t want untrustworthy eyes seeing. Even older flip-phones have phone numbers, addresses and other data you might not want to share with a stranger. If you are at all in doubt, hold on to that phone until you can talk to a professional about wiping it securely. If you don’t plan on letting the phone have a second life through eBay or donation, take it to an eWaste facility or event that offers secure destruction. This process renders the phone (and any electronic device, like a hard drive) down to its basic metallic components, completely destroying any data stored in any component. Don’t have access to such a process? Drop your phone into a bowl of water for a day or, as the Wired article suggests, take a hammer to it (wear proper safety equipment please!) before disposing of it through a proper eWaste avenue. This isn’t a guaranteed method, but it will take a dedicated effort that most data scavengers will bypass in favor of the next discarded smartphone that will be an easier mark.
Industry analysts are taking off their rose-colored glasses after examining the results of BlackBerry’s largely lackluster launch of their OS 10 platform. Original estimates had the newly renamed company (formerly Research In Motion) selling as many as 1.75 million new phones following the Jan 30 debut. Using words like “soft launch” and “modest demand”, analysts are now revising their estimates down by as much as 83%, putting BlackBerry’s comeback into serious doubt.
What this means for you:
It’s probably too early to call it, but BlackBerry really needed a big splash with the 10 launch and to keep surging forward with momentum to stay on par with upcoming anticipated Samsung and Apple launches on tap for Summer. Early reviews indicate that version 10 phones have caught up with the competition, but the technology hasn’t leapfrogged the competition, something BlackBerry really needs to do to gain any footing in this market, as they can’t outspend Google, Apple or even Samsung. If your company is heavily invested in BlackBerry and still supports it for corporate communications, you can’t go wrong with a Z10 or Q10, as long as your IT department has committed to keeping their BB infrastructure current. If they seem even the littlest bit wishy-washy on that subject, or they already support Android and iOS devices, you’ll make a safer investment in another platform.
Research In Motion (RIM), makers of the once-dominant BlackBerry platform, has announced the launch date of its BlackBerry 10 phones to be January 30 by all the major US carriers except Sprint, who has promised a BB10 phone later in the year. Many analysts believe that this launch is the last-ditch effort by RIM to regain relevance in an industry dominated by iPhone and Android devices, and just as many have already counted them out.
What this means for you:
If you are one of the dwindling BlackBerry faithful, there is a lot to whet your (by now, monstrous) appetite: the new RIM OS’s modern look and all-new code base (supposedly no carry-over code from older RIM OS’s) will hopefully update BlackBerry’s staid, corporate image. However, the new BB10 phones have multiple strikes against them:
- Developers for the “staple” apps (Facebook, Google, Netflix, etc.) will undoubtedly develop versions of their omnipresent apps because they can fund the development off the backs of their profitable iOS and Android counterparts, but don’t expect surprise hits from indie developers appearing on BB10 first – there just isn’t a large enough userbase to warrant the investment gamble. RIM has sponsored some recent events to kickstart development, but proof will be in whether BB10’s launch will be a repeat of Microsoft’s lackluster Windows Phone debut.
- BlackBerry’s current infrastructure has some serious redundancy flaws that have led to some titanic outages. Once viewed as the most reliable platform in the early days of smartphones, the series of recent, widespread outages has severely tarnished RIM’s image.
- RIM has been lapped by Apple and Google, OS-wise, at least 2 to 3 times now. RIM is just launching a competitor to phone OS’s that were developed years ago. Unless this horse can fly, there is no way BB10 is catching iOS6 or Jelly Bean in this race.
I suspect that RIM isn’t quite done – they still have a nice chunk of the market, but they aren’t going to supplant iPhones or Androids anytime soon.




