Published on August 11th, 2015 📆 | 4909 Views ⚑
0Hacking airport security systems with a common laptop
Hackers can compromise airport security networks by using a common laptop, this is the disconcerting discovery of the popular expert Billy Rios.
Cyber security from I-Team investigation revealed that hackers could have the ability to shut down an airportâs security network just using a laptop.
It is embarrassing read that system designed to improve security of the airports could represent the entry point for attackers.
âWalking by these devices and knowing how poorly secure they are, it doesnât sit well with me,â explained the popular cyber security expert Billy Rios. âItâs pretty bad â probably no thought has been given to cyber security at all.â
In 2013, Billy Rios tested various machines deployed at airports throughout the world discovering numerous security vulnerabilities. The list of machines tested includes an X-ray scanner, an explosives detector, also known as itemiser, and a time clock.
[adsense size='1']
Rios explained that the vulnerabilities affecting the machine could be exploited to access the airportâs network, for example, is discovered very common to discover hard-coded passwords into the software running on these security systems.
âSo anyone that knew the username and password, which we know, could just log into the device and get access to an airport network,â said Rios. âIt just takes one second to abuse some of the vulnerabilities that weâve seen.â
The unauthorized access to an X-ray machine could be exploited by a terrorist or a criminal to hide weapons from screeners.
Rios reported the flaws to the US authorities that prompted the Department of Homeland Security to issue a warning about password vulnerabilities in some explosive detection machines. According to NBCNewYork , Rios has found many other flaws in the itemiser and in the time clocks.
âOne machine Rios examined is called the itemiser. The company that makes itemisers says the version Rios bought was only used at foreign airports and the company recently released an update to correct the flaw, it said.
Rios maintains the broader concern continues at domestic airports, where he says he found three time clocks with vulnerable passwords.â states the NBCNewYork.
The company that produces the time clocks have already fixed the flaws and personnel at the airports can now change the passwords.
[adsense size='1']
The most disconcerting aspect of the story is that it is likely that the vulnerabilities discovered by Rios have already been exploited, this is the opinion of the cyber security strategist from Cylance, Jon Miller.
âNow that we have extremists that are gaining these capabilities, theyâre going to start using information for other types of attacks we havenât seen before. Itâs going to be a sobering couple of years,â said Miller.
The Cylance firm recently published a report on an Iranian hacking crew, which run a cyber espionage campaign exfiltrating sensitive information from many organizations and environments, including the airports.
âWe were following them for 18 to 24 months, but it wasnât until we started seeing them pull things like emergency response times and information that could put the physical safety of people at harm we knew we had to stop it,â says Miller.
âAnyone who has a copy of the plan on how an airport or any facility responds to an emergency now has a blueprint on how to beat that system,â said Kenneth Honig, a former commanding officer for the police department of the Port Authority of New York and New Jersey.
âNow that itâs been brought out into the open, hopefully they will take steps to fix it, but it will take time.â added Honig, who has 20 years leadership on the force.
[adsense size='1']
Rios urges Transportation Security Administration to adopt more stringent requirements in term of cyber security of the equipment used in any airport.
âThe bar is too low,â Rios said. âThere will always be security issues, we canât solve every single security issue, but we shouldnât have the bar be so low that anybody can hack into these devices. The bar has to be a lot higher.â
Gloss