Sometimes the most sophisticated technological developments depend on outdated technology, mention experts in a pentesting course. After a group of Pen Test Partners researchers analyzed an abandoned Boeing 747-400 aircraft, it was discovered that these aircraft still use floppy disks to load critical navigation databases.
The finding was presented during the participation of Alex Lomas, a member of the team of researchers, at the DEF CON conference, held in a virtual way. The investigator even detailed his journey through the abandoned plane.
For security reasons, manufacturers do not allow researchers to search their systems, mentioned experts in pentesting course. However, a British airline decided to get rid of a Boeing 747, allowing researchers to take a look at the aircraft before it was scrapped.
When touring the aircraft, Lomas pointed to the navigation database charger: “This database has to be updated every 28 days, work that, in theory, corresponds to an engineer,” Lomas says, pointing to a floppy disk that in normal operations would be hidden behind a lockable panel.
In the route you can see all kinds of cables and replaceable units in line, which resembles a server window, which are part of the electronic components of an aircraft.
In a question-and-answer session, Pen Test Partners boss Ken Munro asked Lomas about points of interest for aviation information security researchers. Lomas described several aviation-specific connectivity standards and ARINC equipment, including ARINC 664, used on the Boeing 787 and the latest generation of passenger aircraft, ARINC 629 and other potential areas of research interest, including VxWorks’ real-time operating system, which is used in the internal networks of passenger aircraft.
The main doubt of the pentesting course specialists is whether you can hack a passenger plane exploiting the security flaws and weaknesses in these components, mainly through individual entertainment systems. On this question, Lomas replied: “We have found no indication of two-way communication between the electronic systems installed in each individual seat and the information systems that are responsible for the operation of the aircraft.”
These claims have not stopped other investigators, who have tried to uncover some method of compromising a remote aircraft and abusing minor components, although this work has been unsuccessful so far.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.