Researchers plan ahead, work on intrusion detection system

Nov 5, 2014 09:16 GMT

In theory, there are multiple avenues for compromising the systems of an aircraft sufficiently to lead to a crash, but researchers are developing a network architecture that would prevent “cyber-bomb” attacks.

According to David Stupples, Professor at the City University in London, a cyber-attack that would meddle with the plane would be quite difficult to execute and would require an insider who has sufficient access to the aircraft’s systems or the network it connects to.

Great deal of knowledge required to pull off an attack

Talking to The Guardian, Stupples said that a disgruntled employee could spread the threat when the plane connects to a data port in order to update the entertainment systems. Moreover, the attack could be conducted via direct access to the aircraft’s systems.

The compromise can start with reconnaissance software and evolve into malware that affects the systems of the plane, ultimately leading to a crash.

However, as simple as this may sound in theory, carrying out this type of mission is more difficult in reality. An attacker needs knowledge of the network architecture of the flight system and must be able to move the malware from one control system to another without being detected. This is not something many individuals have access to.

However, researchers have started to work on a network infrastructure that would foil malicious attempts aiming to drop “cyber bombs.”

Together with experts at Cranfield University, Stupples is working on a system capable of identifying malware immediately after it reaches the network of the aircraft.

Once the threat is spotted trying to meddle with the flight control software, the network turns off any non-essential components in order to limit access to critical parts. Basically, the end goal is to put the network into a known safe state.

A similar approach could work in the case of critical infrastructure, such as power stations or water plants.

Abnormal actions could indicate malware activity

The car industry faces a similar threat, but in this case, it appears that security is more evolved, as experts have already come up with a device that would detect abnormal activity and take measures to turn off the network and the higher level functions.

Charlie Miller and Chris Valasek created a $150 / €111 intrusion detection system that can be placed under the car’s dashboard and monitor for malicious activity.

Normally, it records driving patterns, but in detection mode it can identify irregular commands and block them. The device was presented at the Black Hat USA security conference this year.

At the time, the two experts said that the device worked fine during their tests because in “the automotive world, the traffic is so normalized that it’s very obvious when something happens that’s not supposed to happen.”