The Hacker Mind: Hacking Aerospace
Can you hack an airplane? A satellite in orbit? Turns out that you can. And the fact that hackers are thinking about this now is a very good thing.
Steve Luczynski and Matt Mayes join The Hacker Mind to talk about the importance of getting hackers, vendors, and the government to get together and work through problems. That’s why the Aerospace Village at DEF CON exists, to expose various groups of people to each other, and to collectively start to work on solving these problems before they negatively impact our lives.
The Hacker Mind is available on all podcast platforms.
[Heads Up: This transcription was autogenerated, so there may be errors.]
Vamosi: Maybe you remember this: In 2014, researchers Charlie Miller and Chris Valasek succeeded in hacking a Jeep Cherokee while a reporter was driving it on a freeway during rush hour in St Louis, Missouri.
Inside Edition: Andy Greenberg, senior writer at Wired allowed two hackers to remotely control a 2014 Jeep Grand Cherokee that they say hadn't been altered in any way while driving on a highway in St. Louis.
“We wanted to show that this attack is has serious consequences for this vehicle.”
“We are only two guys with one car, right so you know, we can't look at every car and we want to release this information because more people like us need to be focused on this problem.”
The event, which was captured on video and also reported in Wired magazine, sent a message to the automotive industry. In fact, I remember starting a new job by flying to Auburn Hills, Michigan for the very first meeting of the Featherstone Group, a collection of automotive OEM executive and security professionals. That work resulted in new SAE standards and lead to ISO 21434, a new standard focused on cybersecurity in automotive.
So, given that we can now hack into cars remotely, could we hack into other systems as well? Could we hack into an airplane, for example. Or a satellite in space?
Turns out we can.
In 2015, shortly after the Jeep hack, the National Transportation and Safety Board (NTSB) released a study suggesting that someone could take wireless signals within an airplane and perhaps cause mischief. Since it wasn’t directed at a specific airplane or specific part of an airplane, it didn’t rise to the level of the Jeep hack. In fact, at the time, the were mixed signals as a result of the report. Steve Grobman, CTO with Intel’s security group had this to say:
CNBC: Yeah, so I think that nothing is ever impossible. But I think we also need to understand that the transportation industry, especially the aviation industry, is world class in setting up their systems for redundancy for security. And what they've done for the system that are in place today have many, many measures that are in place to protect against the type of scenario that we're talking about. With that said, I think that it is great that this is getting exposure and as an area for the industry to put extra focus on it.
On that same show, security researcher Dave Kennedy had this to say:
CNBC: Well, I agree with Steve to a certain extent. I mean, you the FAA has a lot of safety regulations in place to try to prohibit these types of attacks. But there was actually another GAO study that came out about two months ago. It showed that the FAA had no security controls in place that they couldn't detect or monitor for intrusions. So I think this is a much larger scale, you know, issue when it comes to good security practices. And while safety is a big concern, I don't know if it's necessarily been in the cyberspace or the technology space yet and a lot of these systems will I do set them up and do decent controls is possible to potentially breach them and go after them. So I'd say it's definitely possible. And the GAO pointed out that that, you know, there were exposures identified as part of it. So I definitely think it's possible
In a moment I’ll talk about something tangible and good that did come from the NTSB report, but only after another security researcher really pushed the envelope and tweeted out some of the things he was capable of doing to an airplane while it was inflight.
[Music]
Welcome to the hacker mind that original podcast from for all secure it's about challenging our expectations about the people who hack for a living. I'm Robert Vamosi. And in this episode, I'm about getting industry to sit down with hackers, and hackers to approach industry and share information together as opposed to stand off, stunt hacks. I’m talking about the aerospace village, and how it’s bringing security to the airplanes we all fly and how that’s a good thing.
[Music]
After the NTSB released its 2015 report about aircraft hacking, very little action came of it. The airline industry wrote it off as an unlikely scenario. So one security researcher decided to poke the tiger. And his work certainly made the evening news. Here’s CBS news.
CBS: A computer security researcher was kept off a plane for suggesting on social media that he could hack into the planes control system. During a flight to Syracuse last week, Chris Roberts posted this tweet, joking that he could deploy the planes oxygen masks. The FBI detained him when he landed and questioned him for hours. It plans to fly again on Saturday but United Airlines kept them off the plane .
And ABC News.
ABC: Air scares usually Bob dangerous turbulence or Regency landings but tonight A new threat you probably have never heard about a computer security expert says he hacked into planes in flight entertainment system and briefly made Fly sideways. The FBI is now investigating.
Vamosi: Chris Roberts, aka Sidragon1, had reached a tipping point. He’d been researching vulnerabilities in aircraft for years. He wasn’t just some stunt hacker. He explained how he’d been studying the problem for years on Fox News.
FOX: Roberts: You basically have to understand how computer networks work, how avionics systems work, and then be able to translate communicate between those systems We've primarily focused on physically being in the airplane and hooking up to inflight entertainment. But theoretically You can also leave devices behind remotely get in through the onboard wire
Vamosi: And that Tweet he sent about how he could make the oxygen masks deploy in flight?
FOX: Roberts: The tweet was pretty blunt but it was in response to the GAO reports and apparently one of the airline manufacturers tweeted, basically they put out a response to say that they thought it was all nice and secure. Honestly I disagree with that and so while I was actually on a plane I was very blunt having paid for my wireless access. I was very blunt saying you know what I'm sitting here I know that this is what is possible to do on these airplanes
Roberts: it wasn't deliberately intended to scare. I mean this is four or five years worth of research that we have done we've done a lot of attempts to work with the industry work with the intelligence community and they have turned somewhat of a blind eye so far
Vamosi: And yet the airlines continued to dismiss of this work? Is it really impossible to hack into an airplane? Roberts says it’s possible.
Roberts: All the research we have done -- both myself and fellow security consult --- all science and research In this area from retired retired pilots and Engineers and other individuals indicates otherwise
Vamosi: I’m doubling down on this only because it points to a fundamental problem with serious hacking. Often when a flaw is first reported, the vendor will push back. Making such claims public to illustrate the danger only intensifies the disagreement. And that, too, doesn’t always work. Back in 2015 there really wasn't a way for hackers and aerospace vendors to meet in the middle. Now, thanks to the volunteer work of many individuals, we have something called the Aerospace village. So I decided to find out more.
Luczynski: My name is Steve Luczynski and I am the board chairman for the aerospace village.
Mayes: Yeah, my name is Matt Mays, and I'm the deputy director or Chief of Staff
Vamosi: Now, before we get too far, one might ask, if you’re going to go through the effort to create a village, why not create a whole conference around the topic of aerospace instead? Then again, why not tap into an existing crowd of like minded people, and focus a few of them that are interested in your topic. This is something that DEF CON has encouraged lately.
Luczynski: Yeah, it's certainly easier to be a village than to put on an entire conference and especially, I know the villages from DEF CON. So being able to be a part of a massive event with the audience that's who we want to engage that to we want to help. Being a part of DEF CON and being invited into the villages is such a good experience. I think the easiest way to describe it is in talking to different folks who are not familiar with DEF CON, you know, any conference has presentations. You have your keynote, you have your you can do a specialization track of different talks and they try to have themes and things of that nature and def cons the same way. But what DEF CON has done is they've had groups of people who come together that want to focus on a particular topic. Things like industrial control systems, car hacking, and things of that nature bio hacking medical devices. And so the ability to find folks who are interested in aviation related computer systems and how do you make them secure space systems and how do you make them secure and just the fact that those are hard to get to? Hard to access, so to get like minded folks coming together to get exposure for other folks to go hey, what's going on over there? I want to learn more about that and they didn't know they were like minded till they started seeing and talking and that's the beauty of the village concept that as I've seen it in my few years of going to DEF CON and then being a part of the the aerospace village and getting to contribute to all of
Vamosi: DEF CON is celebrating it’s 30th year this year, but the villages are relatively new. How did the aerospace village get started?
Luczynski: I wish it was something as good as that as the you know all good ideas on the back of a cocktail napkin type of story, but I don't think it's too far from it. I spoke with one of the guys that was fundamental to the village starting Bo Woods, who has been on your podcast before and I think folks who know DEF CON and the hacker community probably know him very well. And beyond the hacker community in the policy side of things, his Think Tank work, lose a tremendous asset, wealth and knowledge and things like that. And so I was asking him what are the things that led up to what I started seeing and what was going on. And so some of the things because of those work on nonprofit side, again, all all around the InfoSec community, but looking at these different villages, and if you remember to 2014 Around that time before that or so, car hacking was starting to be in the news, people were talking about it. And Bo told me he's like, Yeah, I had conversations with folks at the Aviation ISAC. They focus on security in that community and they were interested in the fact of these. These are issues that we need to address the inability or the reluctance to talk across communities or the private sector with the government and private sector. That's ongoing and always there, but the private sector in the cybersecurity community is getting the security researchers. There wasn't a whole lot of trust there. A lot of people didn't know each other and there wasn't always trust because of some of the claims that were coming out in the way that it was being presented in the media. That just made things difficult.
Vamosi: As an infosec reporter, I know it’s sometimes hard to cover the issues as they are. There’s just so much hype. But I will say some of us really do take the time to talk to the experts and some of us really do try to understand what’s what. And often, yeah, it’s not as sexy as your editor might want it to be. Often the truth of the matter is a lot more cool.
Luczynski: And so there was interest in doing these things. conversations he had, like I mentioned on the private sector side with folks that worked at the Department of Homeland Security. Before CISA was an actual agency, its predecessor, and there was interest in doing these things. But the struggle was how do you do these things? And how do you bring these folks together? And I remember what really struck me, you know, not knowing that was going on, but as an Air Force pilot, I my last three years in the Air Force, were at the Pentagon and I had the opportunity because of where I work, working on cyber policy plans and operations specifically, I got to go to DEF CON. And man what a great experience that was DEF CON 22 back in 2014. But one of the panels, one of the talks that I went to, was specifically I remember it was a there was a I can't remember the guy's role. I think he was a scissor, the woman talking I think she was a chief pilot at one of the airlines. But the discussion was, hey, there's these stories in the media. Here's the reality of how airplanes work. How the systems are connected, and whether or not they can really be hacked the way the claims are made.
Vamosi: I remember that panel at DEF CON 22 it was called Cyber-hijacking Airplanes: Truth or Fiction? Dr. Phil Polstra and Captain Polly addressed some recent issues in the media.
Dr. Phil: Dr. Phil and this is Captain Polly. Just a little bit why, why this talk? Well, you know, a lot of people have been talking about being able to take over planes remotely and such. And of course, when you say things like that you get a lot of press. So we just thought maybe it was time to investigate some of these things and look at them a little further. And it's okay to be scared. But if you're going to be scared, be scared because of reality. Not because some fiction, maybe some stuff that the media has made you think. So, just a little bit about me
That’s why events like DEF CON occur, to set the record straight by presenting factual information. In fact, the talk at DEF CON 22, was newsworthy because it served to reassure the audience that, well, it really is hard to hack into a plane.
Dr. Phil: All right. So let me get this out of the way to start with one thing that everyone needs understand you cannot override a pilot. All right? You cannot override the pilots inputs on flight controls. That system is closed, you know, even if it's fly by wire, believe it or not some of these airliners still use cables for some of the controls. For example, the Embraer regional jet actually uses cables for the elevator controls. So it's not even fly by wire completely. But also, something you should understand is that all of these airplanes do feature mechanical backup instruments. Now I'm not gonna say that the pilots still know how to use them. I'm just gonna say that. So you know, you can't really hack a mechanical altimeter, or attitude indicator, etc, etc. I said you can but I should have said you may be able to affect the autopilot operation, but then again, you need to realize if the pilots notice what's going on, they will disconnect the autopilot.
Vamosi: Matt shares this belief as well.
Yeah, I think I mean, fundamentally, airplanes are still very secure. One of the biggest risks is physical access to an airplane. And thankfully for the most part, airports are very secure. So that cuts off a lot of the attack vector, if you will. But as airplanes and systems become more and more connected, you are opening up some risks and thankfully there are a lot of smart people that are trying to address this. We just want to make sure that we help to bring some smart people that know how these things can be exploited and put them in contact with people that are designing these systems just to make sure that everything is in fact safe.
Vamosi: For example, Automatic Dependent Surveillance-Broadcast (ADS-B), which provides real-time precision, shared situational awareness, advanced applications for pilots. That would seem to be a juicy target. Except, in reality, it’s not. Here’s Dr. Phil again.
Dr. Phil: ADS-B is a pretty well known protocol. There's been some other talks about it. If you look at the slide down in the bottom left, you'll see a board that you can use to receive the code ATSB signals, even send your own. And on the right, is a commercial unit that you might find in a small aircraft. That's a GPS slash ATSB unit for receiving and sending ATSB signals. Actually, I think that one only receives ATSB but as others have said, it's true. There's no security in this protocol. You can create phantom aircraft, you can create bogus, ATSB transmissions all day long. You could even create fake weather reports if you so choose, or if you're just really frustrated. You could always jamming you can jam any frequency, however, is we're going to talk about a but it's not likely to affect any kind of traffic or collision avoidance system.
Vamosi: So you can disrupt systems, but you’re unlikely to create Hollywood scenarios. That’s because the systems within the airplane are segmented, which is a security best practice.
Luczynski: And I would even add on the fact that you have people thinking about this problem, I don't want you to worry about it. You know, it's great that you're not thinking about it. I don't want my mom thinking about it, just get on the airplane. Things are safe physically. Things are safe with cybersecurity. It's not that there isn't a concern. It's like I don't want that to be foremost on your mind because we do have these people who understand and think about these things and know how to find ways around and fix them. That's the important part. And that's what we want to continue supporting and encouraging.
[MUSIC]
Vamosi: So you to DEF CON, why would you want to go a village? DEF CON is great; it’s huge, and you are likely to find others who share your interests. The villages then are ways to ensure that there are people who share your interests. So what attacked Steve to the idea in the first place?
Luczynski: So it was very good for me from a flying background to hear it and having a little bit of a cybersecurity background hearing it and then the discussions that went with that because of what was going on at the time. So I think all of those things. And Bo mentioned also, you know, that's what I saw from the hacker side. I started working on aviation cybersecurity issues in the government between what DoD was doing with FAA and was also doing with what became scissor now TSA is running that and that whole aviation Cybersecurity Initiative has grown but in those discussions and what was going on there, and that's where around that time I met Bo because of his work at the Atlantic Council. And what he was seeing was interest again from the private sector. Talos, in particular, came in and they were doing work with the Atlantic Council and they ended up sponsoring the report about aviation cybersecurity, and one of the village's founders B Cooper. He was the main author of that report, working with Bo, the speaking event when we rolled that out, and I was able to participate. A lot of other smart folks in that area.
Vamosi: It’s important to note that it’s not just hackers at DEF CON. There are plenty of government people, a tradition going back to the very first DEF CON. And, lately, there are industry people. People aren’t necessarily hackers themselves, but need to know about hacking for their work in compliance or other aspects of business.
Luczynski: We were a part of that rollout and getting to hear the industry perspective on this issue, getting to have some hacker perspectives on this issue and, and throughout that entire time bowing to his creative nature. He had been talking about a village for a while and those are the things that you didn't you start putting together a hacker at a think tank or the pilot who understands what's going on the flying side and has an appreciation for government background was in the British military as a pilot, and working on cybersecurity in the government. It's like the perfect storm. And and what Bo told me was great, he's like, yeah, the day that the applications were due, it was a discussion of hey, you want to do this? Yeah, let's do it. And they submitted and it got accepted. And you know, here we are today after that, you know, gathering all the volunteers going well we did it so let's go. And you know, to me, what I really like about it is the talk about grassroots there was no money there was no what we have all these phones. We have all this it was well, we're in now. So let's start going and then pulling in the folks to support the way it's built up from there. So I think that's a fairly short version of what got us there, but it's definitely a good detail and the background of it and I'm just amazed and seeing all these things come together.
Vamosi: What drew Matt to the village?
Mayes: So I've I've worn a couple different hats over the years, and I was used to be an engineer. And one of the projects I worked for at a government agency was on electronic flight bags.
Vamosi: Back in the day, Pilots would bring on board these heavy bags full of navigation reports, etc. Today, in the interests of saving weight, and just generally being more accessible, pilots use electronic flight bags, or tablets that have been hardened and loaded with all the information that they need.
Mayes: And if you're familiar with those are they're basically we've taken iPads, and it's common throughout commercial and military aviation. And all of our charts and navigation data can be stored on these these iPads and so that was my first exposure to just how vulnerable is aviation data? And how can we when we're navigating off that ensure that the data you're looking at is in fact the correct data? So that was my first exposure to the you know, the risks that could be out there. And trying to take a real solid look at it. Once I got out of the the engineering role and started flying for a living. I still maintain some some interest in this side of things. And so when I saw what would Steve and the rest of what was the aviation village at the time when I saw what they were doing, I knew I wanted to get involved. So do you think that it's important to kind of throw out there that I mean, there are there surprises all the time just like with the the 5g issues that came up recently.
Vamosi: in 2018, the Federal Communications Commission the FCC had an auction to sell off parts of the electromagnetic spectrum to make way for the new 5G wireless that was still being created. There was a problem, one that a few people noticed right away, in that some of the newly auctioned off frequencies could impact existing aerodynamic devices. Here’s Nicholas Calio, CEO of Airlines for America, testifying before Congress on February 1, 2022.
Calio: Since the spring of 2018, others in the aviation industry have been raising concerns about radial to matters in the new 5g environment. as time ran out ahead of schedule and reschedule deployment dates, i and all of our member ceos signed a letter warning of significant destruction. the restrictions that were being imposed on the industry would have impacted approximately 300 -- excuse me. 345,000 passengers, flights, 3200 passengers, and 5400 cargo flights each year in the form of delayed flights, diversions, or cancellations. the past few months have been nothing short of a harrowing sequence of looming deadlines and impending action. the process that led up to this operational nightmare should be held up as a cautionary tale about lack of communication and coronation gone awry. it's not a pleasant problem or issue. it's a government coronation problem that needs to be rationalized going forward.
Vamosi: So right there, the lack of coordination and communication among the FCC and the airline industry was a problem. They werne’t talking to each other about emerging technological problems. Fortunately the Federal Aviation Administration, the FAA, got involves and in February of 2022, AT&T and Verizon went ahead with their scheduled roll out and the airplanes didn’t fall out of the sky. That wasn’t, however, what the concern was about.
Mayes: Now that was not a you know, a specific risk to airplanes in that there are mitigations in place, but I know the airplane I fly. If it's set up to do an auto land one of the things that it relies upon is an accurate radar altimeter. And so it's trying to look for just how close you are to the ground in a very accurate way. And if that somehow gets interrupted by a 5g signal that starts to cause some chaos in the decisions that computers are making. And so by extension, that same chaos could be caused by people doing that sort of thing on purpose. And so again, are these situations being thought through as airplanes just become even more and more complex?
Luczynski: That's typically how the public thinks about it when they hear these stories. It's very focused on aircraft. But the important part to keep in mind and what I really like about the way we're structured and the way we do our work, aircraft are one element we look at the entire ecosystem, the airports there, they're an entire city by themselves with all the different types of networks it ot what they have to deal with, with vendors and airlines and passengers coming through. But it's also the air traffic management system. So all the things that go into communications and navigation and when we started as the aviation village, we included space in that in the sense that a lot of the communications and navigation are based off of space based assets. But the change when we decided that no space is an absolute critical element, let's become the aerospace village because we want to make sure that focus is on that area too. Not just from the Aviation mindset that we had, but as we started the the ideas for Hackensack came out the work that Pete, Dr. Roper did at the time of coming up with that idea and how that's grown and just the recognition now of all the folks who are working on that sector and the importance of it and it's a nice combination, but it's absolutely very broad, very big applications are these systems that are in other sectors. Other parts of our lives. And so there's benefit there and good mutual support across those sectors with this type of work.
[MUSIC]
Vamosi: So at a lot of hacking conference I go to, I have a laptop running Linux. I can join in, I can follow along. The thing I’m having trouble with with the aerospace village is that … well, I don’t have an aircraft that I can tinker with. And chances are neither do you.
Luczynski: Yeah, that that was a lot of the impetus behind having the village get together is the equipment. Government equipment is not easily accessible. It's classified. It's incredibly expensive. It's proprietary. If it's coming from the original manufacturer or the airline that of course they want to keep things to themselves and protected in that sense. But the ideas of how they work, the concepts behind it. Those aren't necessarily special or in any way a secret and so getting folks to understand this is how the system's the code the language, the interactions. This is how they all come together, you know how they're done on that particular aircraft or that particular network that's a different story, but getting them that type of access to the equipment to the ideas, finding the other folks who we've had, come in and give presentations of let me tell you how. For that satellite operate, here's the entire ground base network that goes into supporting it. And just that type of learning, which isn't necessarily common out there or easy to find. Facilitating that and providing that that's one of the things that we I think we've done a great job of getting the folks together and continuing to grow. But being able to find a young person who says yeah, I want to learn more about that, and giving them as opportunities
Vamosi: Part of that is working with aerospace companies and bringing them in to also get people excited about the possibilities in securing the aerospace industry. And this is one of the roles that Matt provides the organization.
Mayes: So yes, I do have a role in trying to bring more companies and organizations into the village to try and get them to actually bring some of the equipment that they use and make it accessible to people. And that's really the key and all this is is there's a lot of companies that are skeptical of hackers. And they're you know, both sides are looking at each other and you know a little bit in an uneasy fashion. And so we want to show that neither side is scary and that everything can be mutually beneficial. So when we had an aircraft, many manufacturers show up with one of their devices and actually allowing people to, you know, walk around and use that or when we have you know, what's examples of satellites that that people can try and tinker with or try and secure operating systems for drones, things like that. Actually, letting people get hands on with it is something that they're just not finding anywhere else. And so it's some really neat options for people to get involved with in the village.
Luczynski: early on, when the idea of the village came up, one of the first things that we did was the what is our goal, what is our vision our way and we specifically looked at based on the challenge and what are the values that we want to guide us and how do we want to do this and pursuing the overall security which improved safety and at the time for air travel, air operations, people cargo, all of those things. And then now it's grown into space operations from there. But that was our guiding principle. And we wanted to bring together folks who wanted to do positive, productive collaboration. They wanted to contribute that was in our minds. And so as we started talking about that and talking in that manner, it was easy for us to go out and say, Hey, different different companies, different researchers, you know, this is what we're looking to do, do you want to join in? But like I mentioned before, the reluctance came from folks that know each other, the government and private sector. There's regulatory issues. There's history there, same thing in the security researcher community so there's, there's those kinds of difficulties and early on, it was difficult. When we were forming up we had great support for our first event where we participated as the aviation Village at DEF CON and 22. Yeah, 2019. And it worked out really well. But it was incredible did the folks we had there had no problem. We did not get other folks we were engaging because of that uncertainty. Not knowing what was going on not being willing to address these issues in public because of the concern.
Vamosi: This is the disconnect I mentioned, between industry and hackers. The perception they are adversarial.
Luczynski: The gotcha is someone who's going to pop out an eau de at DEF CON and surprise a company and things of that nature. And, again, our principles and what we're keeping us focused on was the fact that no, we didn't, we didn't need that. We didn't want to do things that built on responsible disclosures that built on getting relationships formed and sustained because we know we can get a lot more out of that. In the long run than any short term fix or surprise or anything like that. So those things really helped out and so after that, first of them, again, reluctance, hand wringing teeth gnashing concern, what are these crazy people going to do? And I'm like, what, we don't have that many crazy people in here. You kind of have some fairly middle of the road folks with a breadth of experience. We have volunteers from around the world that are participating in this. And it was a success. It was a success in the sense that we pulled off what we wanted to do. We showed how we wanted to do it.
Vamosi: Actually it started involvement from the aerospace industry. And some of the vendors now host their own internal hacker sessions.
Luczynski: And then what we've seen since then, is the benefits Boeing's been participating with us at a number of events. They also have hosted hackers and government folks up at their plant as part of their tech Advisory Council. They have recurring meetings, and we've been participating in those along with other security researchers that have been brought in to join and have those discussions the same way that I mentioned before the DoD FAA now TSA effort called aviation Cybersecurity Initiative, their regular meetings and what they do, engaging the community and where we are a part of that and we have participated we've had speakers, doing presentations with them. So those are some of the things where we've seen that change over time. And the benefit of this very focused, very specific effort and how it's helping to grow because people see the value. And we're really growing the trust of folks are more willing to talk to one another.
Mayes: I'd say at this point the really the pitch is to show that hackers aren't scary. And so whether that is introducing the right people that might be able to help a company or an organization down the line, you know, that's that's one avenue. But but really, it's it's that nobody, or at least the way that we have have designed things is is we don't plan on you know, unflashy vulnerabilities being released as a part of the village. This is not you know, like, like Steve said, this isn't some you know, gotcha type of situation. This is okay. Let's talk about some of the the weaknesses that are inherent in the the way these aerospace systems have been designed, because a lot of them go back, you know, with fundamental design choices from decades ago, when when things just that our that our issues today just weren't a concern. And so a lot of the organizations and companies do realize that there are vulnerabilities inherent in the systems and so openly talking about them is is actually I think a good thing because how can we try to mitigate those those known issues and and just talking about things that exist and exposing people so that whether it's, you know, someone learns how to download a, a weather image from a NOAA satellite, and then they're able to take that skill set and eventually get involved in trying to secure satellites down the line, or, you know, having those fundamental understanding understandings of how of how data gets transmitted from a satellite, it's just it's it's better for everyone that might want to get involved in making these things more secure.
[Music]
Vamosi:Then there’s the other side-- the hacker side. I have a laptop, with linux, so I can hack into a network or a mobile phone app, or a remote garage door opener. But with airplaines, there seems like there’s a barrier to entry; that this equipment must be expensive. In talking with Steve and Matt, though I know it's only like 30 bucks to get a software controlled radio unit. And that I can create my own Yagi antenna in the backyard and boom, it's like, suddenly I can be communicating with airplanes overhead.
Mayes That's definitely one of the things that is really interesting for people to start to understand. Is just how open so many things are. We've had a presenter that has shown how you can intercept some of the radio communications, the some of the text radio communications that come from aircraft, and you come to find out there was a point in time where credit card numbers were being displayed just in the clear and and so those things have have since improved, but But yeah, lots of demos like that where where people just don't realize that that this stuff is easily accessible and not necessarily hidden. But yeah, when it comes to you can listen in on air traffic control communications, you can see aircraft positioning through ATSB. And so we have a, one of our members set up what he called a cantenna. And it was simply, you know, I think it was a Pringles can that he set up to be able to intercept the the position information for all the airliners and aircraft that were in the Las Vegas area and display that on a map and you start to realize just how open a lot of these things are for a lot of interoperability, but these demos really do demonstrate that it's not some super secret, you know, access that you need to have to get to these things. It really is accessible like you said, with a $30 software defined radio and a laptop or Raspberry Pi. You can get access to a lot of very interesting data.
Luczynski: And I'll even be more specific because the antenna needed metal. It was a natural light beer can that he turned into the cantenna and showed how to make that at our first DEF CON in person there. And 20 times in 2019. So and then to add on to what Matt said about what I'm showing you visually but for the audience. The idea of an SDR radio dongle and antenna less than $50 off of Amazon and you combine that with that project and how do you bring in these weather satellite signals? How do you bring in ATSB signals from aircraft? One of the smart folks that are on the village team designed a badge that we've had and we've sold us a number of times that the entire badge is in the shape of an airliner. If you connect that antenna to one engine, you get the NOAA satellite signals and pictures you can download. You connect to the other engine, that same antenna you get ATSB signals and the paper for how to do all of this the students who help this professor with the idea they did a talk on it for us and 2020 that's on our YouTube channel and all the bill of material that GitHub for the code to do all of this. It's out there. And it's that it's that kind of thing that's not access to the big giant pieces of equipment on airliners and things of that nature that we talked about. But it's the idea of understanding how these systems come together that you can do with what's out there with creative hacking thinking, to be able to teach folks this and that's one of the things we've really seen the benefit of.
Mayes: One of the themes that we really strive for is a crawl, walk, run. And so you're going to have people that show up that barely know anything about the aerospace sector. And so one of the groups that has been very helpful for us with the villages defense digital service, and one of the activities they've done, they do a wide range of activities, but one of them that's very popular is called bricks in the air. And it's it's just a it's a Lego airplane, where they've set up some things that you can just do some basic hacking on just as a sample of you know, it's not a real airplane system, but you can make one of the engines stop and you can make it start smoking and you can make all sorts of adjustments to the airplane over this, you know, fake setup that they have. But the idea is that, you know, there are commands that are being transmitted to different sections of the airplane and you can modify those commands. And so just a very basic introduction to, you know, airplane hacking, you could say, and then as the complexity increases, you get all the way up to what we probably talked about in the past being a very popular event called hacker stat. And that's at the you know, the the, the very complex end of things where people are competing. And ultimately, two years ago, were able to actually send commands to a real satellite in space to take a picture and, and it's just incredible that that all of this is all related to the village.
[MUSIC]
Vamosi: Given the size of airplanes, you might be thinking it’s a grand ballroom full of equipment, or an airport hanger, but in reality, it’s pretty small. I asked Steve to give me a walkthrough of what the village looked like in 2019, and might in the future.
Luczynski: So I'll give you a we've had one in our column one and a half in person events because of 2019 and then getting to do quite a bit in 2021 and then we're not quite doing airplane yet. We're not very far away. So the village is depending on the venue for DEF CON in the space available and who else is doing what? The conference space we are one small part of it with the other village. But the area that we had in 2019 for example. I'd like to think of an Olympic sized swimming pool worth of floor space, where off on one end We had an F 35 simulator that the Air Force brought in for us. We have some tables and things for folks to hang out. We had a video feed showing a bug bounty effort that was being done on an FFT maintenance system. It wasn't in the same venue. We didn't have room for it, but it was the folks who were running that from Sinag the Defense Digital Service who were bringing that in and talking about what these folks were doing. Next to that we had a virtual reality training that the Air Force uses for pilot training. And so just getting to see that some of those that the simulator and the VR goggles were interesting to bring people in not necessarily to hack on them. But it certainly drew a crowd. But we also had what looked like a general aviation cockpit with the equipment on just basic plywood. But what it was operating on has power to it and the guy who built it, Patrick Kiley, worked for rapid seven and for that event rapid seven because his words have found a vulnerability in Canvas and did a coordinated disclosure with DHS and he was able to be there with his equipment. Talk to folks coming up and show this is how it works. Here's the problem and here's what it looks like when it isn't working correctly. So not only did you have the technically smart person who's talking about it, but there's the gear right there that you could touch and see and interact with and you get to learn what he was doing. In addition to that, and towards the other side of things. We had a display area where the cantenna that we mentioned before was on display had a small workshop, our chief hacking Officer Jim Ross did some great work and he was showing folks how he built that antenna, how it works. And he had displayed the air traffic over the top of Las Vegas that that antenna could pick up and in that same area. We had a couple of tables set up and our pen test partners. They're based in the UK they were there and they had pieces of aircraft equipment. It's not the latest and greatest cutting edge. They did not want to do anything like that but it was simple equipment showing this is what it looks like. Here's what the inside looks like. Here are the protocols that are in there, that language is decoding the things in their work that they know how this equipment works, that they could interact with folks and talk to him about it.
Vamosi: Not only does the village have booths and equipment, they have world-class speakers.
Luczynski: And then we were able to have a few talks in that area but also we had another that we shared for presentation. So we had a number of folks coming in talking across the range of aviation cybersecurity policy issues from a government perspective, things that other folks had done from the hacking perspective and being able to talk about those in a small audience of about 100 people at a time. So it was a good variety of things. And then Matt mentioned it before like what we did last year: we had a hybrid both virtual and in person presence at DEF CON. And in that sense because we built up a great partnership between the Air Force Air Force Research Labs defense digital and the hack cassette ever, in bringing in folks who had a flat set on the table showing how it works. Here's the actual device. Here are how things work on that. Our support from Boeing having an electronic flight bag and talking about what this piece of equipment looks like and how it interacts and how pilots use it.
Vamosi: So the village is a mini conference -- it has presentations, it has its own activities. And the talks are pretty good.
Luczynski: And again, those types of things that in addition to the number of presentations and the presentation part, I'd say are pretty easy and if nothing else. So one of the benefits of being apart and learning how to operate virtually is a little bit more availability for folks instead of having to travel to talk. There's a number of things on our YouTube channel, that the presentations we've had virtually and what we intend to continue bringing into the event. We've had Pam Melroy, a former shuttle astronaut, made up to the space station, think on two different missions. She's now the deputy administrator at NASA. She talked about programming to save weight for space missions, and bringing the internet to the International Space Station. So it's just absolutely fascinating. The scissors from the FAA talking about the work he does across the aviation sector. So again, the range of folks from the government operator side, pen test partners doing a tour of the 747 and the different computer equipment on that. I've done a talk with some young folks about their work in the different parts of the aerospace sector, government, non government type of jobs, and then other researchers with very technical in depth, detailed talks. Just a number of things. So it's been good to see the variety of what we've been able to bring in as we continue to get more and more support. So that's and we want to continue that momentum as we're going forward. And we see that happening.
Mayes: I could list off all the different workshops and speakers we've had. It really is just an impressive list of groups and people that we've had be a part of the village and you really, I'd like to say you could almost spend the entire conference just in our village. It really is impressive. Just the wide range of activities available right.
[MUSIC]
Vamosi: Since these villages are mini hacking conferences within larger hacking conferences, it makes sense that in addition to having their own speakers, they would have their own capture the flag competitions. And the Aerospace village is no different.
Mayes: So we've actually again, sort of down the path of crawl, walk, run our CTFs have also run the gamut there from really just basic puzzles all virtual to the to the sort of the grand challenge of sorts. The hacker sat CTF where it had dedicated qualification rounds and then the finals were done as a part of DEF CON two years ago. And at that in Hackensack to then take place this last year. And and so, while the finals for hack set two were not a part of DEF CON, their presence was there talking about a lot of the different challenges that were available in the puzzles and that all of the skills that needed to go into taking part in their CTF so it very much was was there but yeah, there's, we have CTFs for for all ranges of interests and abilities.
Luczynski: I think one of the key things I'll add on to that, like what Matt was saying is Pakistan itself is an effort that the Air Force started again, Dr. Roper P. Cooper, one of our co-founders, collaboration and coming up with that idea. That's probably as close to a cocktail napkin type of an idea that I mentioned before, and so seeing that come out that as a collaboration of you know, where you might think a typical standoffish government or military entity, but the willingness to engage the willingness to do things that are interesting to our audience to this community, and where it's really taken off in popularity. It's an incredibly well run event. It's a great partnership between Pakistan and the village. It is not something that we invented but we are happy to help them participate and engage with our audience because of what they bring to the challenge itself. Anybody can join in and there's a number of things that they have. I'll say simple questions, because they're certainly some more simple than some of the higher end things, the questions and the tasks that you have to know to be competitive at that super high, highly skilled level that the folks who are winning these events have. And that's what makes it interesting because it's things from orbital mechanics to coding to security to understanding when that satellites overhead is when I can do something and then it goes away. So I got to do other work until it comes back and have to learn all of that and get an appreciation for that. And then like and what Matt said about you know, that's the absolute run to a sprint and then some level but the the more basic things coming in where they're not necessarily a capture the flag, but what he mentioned before with bricks in the air. We continue to develop those kinds of CTF challenges and we're working with partners now to bring that in. Because we do want folks to be engaged in a way that is challenging, but that's what they need, that they just want to get exposure and learn it. Absolutely. We want to have that for them. And as they're developing their skills, we want to give them the resources to go to where to go to or the events at things like DEF CON, so that they can do that with somebody there in person to help them out. And so we're continuing to develop that and that's paying off very well and folks are appreciating getting this opportunity.
Mayes: And it probably is good to mention that again to emphasize that we are not the ones that are actually developing the CTFs and that's where we just have some great partners. So again, Hack-a-Sat was something done by AFRL. And then we have Cal Poly they did the entry level CTF So California Polytechnic State University. And what's interesting about that was their CTF was actually ultimately used as part of the California cyber Innovation Challenge. And so that was a a high school level program. And and so just a great introduction for people trying to, you know, figure out if maybe an aerospace career might be for them. And then the aviation ISAC sponsored a CTF with that actually was developed by Embry Riddle Aeronautical University and that was sort of our, our middle level. CTF. And so it really is. I mean, yeah, some very creative people are coming up with some interesting challenges. Again, no matter what level you're you're looking.
[MUSIC?]
Vamosi: So we mentioned that these villages draw a subset of people at the larger conference, and some spend their entire time in the village, not the larger conference. I’m wondering, who then are the people who are drawn to the aerospace village -- hackers? Or pilots? Or both?
Mayes: So yeah, the personalities that are attracted to the village of course run the gamut. It's fascinating to see just how many people are interested in aerospace when they come by the village, not really knowing the ins and outs. And so it is that at least this last year tended to be people that are familiar with hacking and are familiar with. You know that side of things, if you will, and then but just don't know much about aerospace and it was really neat to see a lot of those people going up and interacting with, with, of course, different government agencies as well as you know, the actual satellites themselves and striking up those conversations with people. So I typically did not see many existing pilots that were coming through and you know, and expanding in that direction, it tended to be more of the existing hackers that were expanding out into learning more about aerospace, Steve.
Luczynski: Yeah, you bet. Um, so that first year we had a number of folks that were working on the village itself, and I may have mentioned it before. It was great to see we had a number of folks from the UK, all across the states. And at the event itself. Other folks just showed up. They were at DEF CON but they wanted to spend their time with the village and they spent their entire time hanging out volunteering, helping put on a great event. And I know we have folks from all different countries. And since then, especially in the virtual events where we've had different speakers from around the world and when we look at as much as we can who's following and Where They're From on our social media. The options or the opportunities we've had, we supported a number of us, did a top for the echo party 2021 down and hosted in Argentina last year. And you know, getting folks like that so we're seeing around the world participation volunteers. One of our volunteers lives in Japan, with a Space Operations company. So just continuing to see all of that happening. And then their backgrounds. You're talking about personalities. Matt and I come because I have a military background from flying a policy. I'm not the guy on the keyboard. I want to understand it but when I was in the private sector, my guys kept me away from the keyboard like Go Go do your paperwork and in big thinking policy executive stuff, but understanding that and government and then you have folks like Matt said you know he has had hands on doing the technical work. Other folks who are absolutely. Their background is in the cybersecurity industry, the company work they do. One of the guys has been red teaming for his entire career across a number of big, big companies. Others that are just students wanting to learn they're either doing some sort of cybersecurity degree, or they want to get into it, professors that are helping out. And so it's just great to see that variety of folks coming in, whether it's from the different countries they're coming into this the backgrounds they bring to this and the capabilities it's . It's fun to do those things because you see the motivation these are nobodies being made to do it. They're all self-selecting. Yes, I'm gonna give my time. Like now you know, I am not doing anything with my company. This is my personal time that I'm happy to do this. I'm happy to talk about these things. Because it's a good hobby.
Vamosi: I mentioned that the aerospace village came about because of a few volunteers. That’s still true to day. The Aerospace village needs volunteers to keep operating and to keep growing.
Luczynski: I want you to ask how people can get involved because I want to tell them, then got it. That is absolutely true. My job is to help network and connect folks to our work to bring in folks to support us, because of what Matt's team does and what he's a part of. His focus is whether we are going to an event like DEF CON or going to RSA. There's a number of other things that we tried to be there where our audiences and person or expand our audience to more of that kind of business side of things like RSA or government events or others. It takes a lot of effort. And these guys do an amazing job the entire team. So if you want to volunteer, absolutely, please take a look at aerospace village.org That's our website. You can volunteer, you can volunteer as much or as little as you want. We have regular meetings, talking about things we want to do and then when it comes time to actually execute. We're already getting our planning going for DEF CON. So we'll be sending out a call for papers, a call for presentations, activities that folks want to bring in things of that nature. So yes, please, please feel free to jump in and join us. And if you want to bring things you want to be a partner with us, we are absolutely looking for that if you have equipment, demonstrations, online activities, the whole point and you've heard us mention this and that crawl, walk, run. It's exposing our audience to things they can do. Because that's where creativity comes out. And that's where you see them. Dig into things and come up with ideas. And that's the beauty of bringing all these folks together. I will gladly take monetary support. Absolutely. Because we need that to get the things that bring people in to allow folks to get to attend these events in a way that we can continue to grow these things. So any of those types of support. And if you just want to learn all of the videos, the virtual presentations and things we've done, we have a link on our website, aerospace village.org And you can get to our YouTube page and you can see all the things that we've done in the past between DEF CON and RSA. And we're happy to share that we're happy to talk to folks. Yeah, please feel free to visit and let us know what you think.
Vamosi: I’d like to thank Steve and Matt for talking about their work with the Aerospace Village. And if you take one thing from this podcast, it’s that there are good people, hackers looking at the problems in aviation now, working with industry and government, so that we know we can continue to fly with confidence. And not buy into all that Hollywood FUD. I hope to talk to them more with them in the future. I don’t know about you, but hacking spacecraft is really interesting. You have think in terms of two body problems or two-line element set (TLE), and three dimensional math. … well, it’s a new frontier for hackers. Literally, a new frontier.
Let's keep this conversation going. DM me at Robert Vamosi on Twitter, or join me on subreddit or Discord. You can find the deets at thehackermind.com
The Hacker Mind is brought to you every two weeks commercial-free from ForAllSecure.
For the Hacker Mind, I remain, with my feet firmly on the ground, Robert Vamosi
Add Mayhem to Your DevSecOps for Free.
Get a full-featured 30 day free trial.