More Than Turbulence - Aviation Software Vulnerabilities & Exploitation Podcast with Cyber Senate and Chris Kubecka CEO of Hypasec
July 11, 2019
James Nesbitt and Chris Kubecka
The Cyber Senate welcome special guest, Chris Kubeck, CEO of Hypasec, who will be speaking on our 3rd annual Aviation Cybersecurity Summit in London on November 5/th and 6th. www.aviationcybersec.com
Her presentation: More Than Turbulence- Aviation Software Vulnerabilities & Exploitation
- Introductions to the challenges of modern aviation and technology
- Maintenance and asset management
- FAA requirements and recalls
-Weaknesses in exposure of various parts databases
- Lack of required security testing by FAA on maintenance software
- Software utilized in a modern airframe
-Explanation of what types of software is in use on both planes and weight balancing
- Buffer overflows, the FAA requires memory checks to ensure they stay within hardware operating parameters. But, no full boundary checks.
- Explanation of current challenges: F35a has buffer overflow issues requiring a manual reboot of the flight computer, in-flight
- Gate logic doesn't equal good code or secure code: explanation of how the software is written whilst pointing out memory leaks, incompatibility with ease of patching unless substantial downtime (except the 787) and the lack of any security testing for any aviation software on a plane.
- Exposure of various airframe manufacturer systems.
- Exposure of various airport ticketing and maintenance systems