ZeroNights hacking conference featured a guide to hijacking a plane, a car, or kidnapping a child
On November 19 and 20, the international ZeroNights conference, organized by ERPScan, was held
in Moscow, where security researchers shared their news about the security issues of computers and
everything related to them.
Digital technologies are far from just personals computers now, and electronics are used virtually
everywhere, so the attention of researchers and cybercriminals alike has been drawn to the devices and
systems which are most closely connected with people’s lives, their safety and well-being.
A certain symbol for the breakout of such research (although it had existed before, of course) is the
Stuxnet worm, which infects industrial systems, and the latest research of attacks on insulin probes and
The attacks that were presented at ZeroNights are not as scary but a lot more realistic.
In the course of their research of embedded devices security, ERPScan analysts have studied the
tracking and location tools called GPS trackers, which are widely used to track the whereabouts of cars,
children, and even criminals. Those devices are also often used to replace or supplement car alarm
The researchers have managed to conduct an attack which allowed replacing the location of an object
on the map with just one SMS sent to the device’s cell number, which is easily found out by hacking the
website of the tracking service or sniffing GSM traffic near the device.
The conference featured a live demo where the device was in the conference hall but started to move
across the map frantically after the SMS was sent.
It is easy to imagine the reverse situation where a criminal steals a car and signals to the device that the
car is in place. Moreover, it is much more serviceable than suppressing the GPS signal because in that
case the very fact of hijacking would be obvious.
“Easy execution makes the attack especially dangerous because the majority of users (30%) neglect
passwords. But even if there was a password, a cybercriminal would be able to conduct similar attacks
without knowing it or simply disable the device by sending it into infinite restart loop. We are currently
investigating other, more sophisticated security issues of such devices” – said Dmitry Chastukhin, a
security researcher in ERPScan.
Another research was presented by Andrei Costin, a Ph.D. candidate in embedded devices security in
EURECOM University. He found out that, using relatively cheap devices which cost from 300 to 1500
USD and a couple dozens of uncomplicated code strings, it is possible to modify the signals of ADS-B
protocol: an air traffic control system used by pilots and dispatchers to track the location of airplanes
and transmit other parameters and data important for the flight.
It turned out – which is, to say the least, weird, if not horrifying – that this protocol does not use any
defensive measures to transmit data, such as encryption and strong cryptographic signature, in spite of
crucial significance of flight and support systems security for flight control and management.
Obviously, it allows tracking all airplanes in real-time and, most importantly, airing fake data or replacing
data in genuine packets to, for example, imitate a plane collision on the screens of flight controllers.
The consequences may vary from panic in flight control headquarters to, in theory, initiation of counter-
terrorism procedures and emergency alerts on the ground.
“We are going to proceed with researching Traffic alert and Collision Avoidance System (TCAS)”, – Andrei
Stay tuned and have nice and safe trips wherever you go!