
After a hack-filled week at Black Hat and DEFCON, I realize Las Vegas has always been the appropriate place for these events because, much like the virtual world, it shouldn’t exist. Like the Internet, the city sprang up where there was nothing, created through a combination of human ingenuity, tenacity and, of course, a bit of greed.

As in Las Vegas, we are often dazzled by the lights and illusions of the Internet as it expands, forgetting that there is a darker, seedier side that runs in parallel and preys on those not paying attention, or whose guard is down, for money, power or plain ego.

When it comes to technology, the house doesn’t always win. Once the rules and algorithms are understood, they can be manipulated, torn apart and, with some moral flexibility, used for nefarious purposes. DEFCON, to me, isn’t so much about hacking all the things as about understanding where we are weak.

Airport Point-of-Sale Attacks

Airport Kiosk

One session I really enjoyed at DEFCON was “PoS Attacking the Traveling Salesman” with researchers Tsagkarakis Nikolaos and Alex Zacharis, where they discussed multiple vulnerabilities they discovered in airport kiosks, such as those used to check in, purchase Wi-Fi time and others. They highlighted that airports are a target because business travelers are in a hurry and more willing to trade privacy and security for communication from rogue access points and kiosk systems, both of which may easily be compromised.

The kiosks themselves had poor security. Although considered point-of-sale systems, they lack the security of actual payment systems since they do not deal with credit cards, making it unlikely that the devices adhered to the basic security controls that even PCI DSS requires. Many of these devices have web cameras and open USB ports, and either lack authentication or use authentication that is easily cracked. Others simply ran unpatched operating systems that could easily be exploited.

The devices could give someone with malicious intent eyes in the airports through the web camera and the ability to gather information about passengers on specific flights. Oftentimes, these devices are also networked to other systems and can serve as a beachhead for further attacks. Methods and techniques for fuzzing the QR/barcode reader were an added bonus.

Cyberhijacking Airplanes Myth Busting

Hacking Airliners: Myth Busting

Before Black Hat, there were some bold claims regarding a talk giving the impression that planes can be hacked through the onboard Wi-Fi. I was happy to see Phil Polstra bring some reason to many of these claims and provide a less FUD-fueled presentation outlining the facts. Although there are some security weaknesses, such as lack of encryption in most aviation communication protocols, I didn’t need to worry about my plane being hacked on the way home.

In my hotel room, a friend showed me how easy it was to get information from planes flying overhead. Using his HackRF, he was able to extract the 24-bit Airframe Address assigned by the ICAO. From this, we could easily look up aircraft type, owner, tail number and sometimes even a recent photo on
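Why the address is readable by any receiver, as an added example that is not part of the original post: it assumes the broadcasts are Mode S extended squitter (ADS-B) frames, which the post does not name, and uses a widely published decoder test vector rather than data from the post. The 24-bit address sits in cleartext in bytes 1 to 3, and the trailing 24 bits are a CRC that detects corruption but provides neither confidentiality nor sender authentication.

```python
# Added example: parse a 112-bit Mode S extended squitter (DF17) frame.
# Assumption: the frame layout is DF/CA (1 byte), ICAO address (3 bytes),
# message payload (7 bytes), parity (3 bytes).

GENERATOR = 0x1FFF409  # 25-bit Mode S CRC-24 generator polynomial

# Publicly documented test vector used by open-source ADS-B decoders.
SAMPLE_FRAME = "8D406B902015A678D4D220AA4BDA"
# Constructed: same frame with one bit flipped inside the address field.
CORRUPTED_FRAME = "8D406B912015A678D4D220AA4BDA"


def crc24_remainder(frame: bytes) -> int:
    """Return the CRC-24 remainder over the whole frame (0 = parity matches)."""
    value = int.from_bytes(frame, "big")
    nbits = len(frame) * 8
    # Long division: align the generator under each set bit, top to bottom.
    for shift in range(nbits - 25, -1, -1):
        if (value >> (shift + 24)) & 1:
            value ^= GENERATOR << shift
    return value & 0xFFFFFF


def parse_extended_squitter(hex_frame: str) -> dict:
    """Extract the cleartext fields and report whether the parity checks out."""
    frame = bytes.fromhex(hex_frame)
    if len(frame) != 14:
        raise ValueError("extended squitter frames are 112 bits (14 bytes)")
    downlink_format = frame[0] >> 3          # top 5 bits of the first byte
    if downlink_format != 17:
        raise ValueError(f"not an extended squitter (DF={downlink_format})")
    return {
        "downlink_format": downlink_format,
        "icao_address": frame[1:4].hex().upper(),  # no decryption step exists
        "parity_ok": crc24_remainder(frame) == 0,  # integrity only, no key
    }


if __name__ == "__main__":
    for label, frame in (("sample", SAMPLE_FRAME), ("corrupted", CORRUPTED_FRAME)):
        print(label, parse_extended_squitter(frame))
```

The parity check involves no secret, so it only tells a receiver that the bits arrived intact, not who sent them.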

I immediately saw a future chained exploit where data extracted from compromised check-in terminals, paired with this radio sniffing of Airframe Addresses, could identify not only what plane was flying above but also who was on it.

Taking Over the Airwaves: Software Defined Radio Hacks 

HackRF Portapack

Speaking of the HackRF, there were a lot of presentations around RF hacking with Software Defined Radio at both Black Hat and DEFCON, more than in previous years, it seemed. The Wireless Village had a full schedule with several excellent presentations, including one by Tripwire’s own Craig Young.

Michael Ossmann and Jared Boone did a great presentation on HackRF and the soon-to-be-launched PortaPack. This year there was even a Wireless Capture the Flag (WCTF), along with presentations on using RF in penetration testing scenarios.

There are a lot of great SDR hardware tools coming out, and it will be interesting to see how new attack and defensive tools are developed over the next year to take advantage of them. I even included a slide on the potential risk of rogue mesh networks planted by a technically savvy insider in my BSides Las Vegas presentation, hoping to have a prototype working in the near future.




  • Your point on, "Once the rules and algorithms are understood, they can be manipulated, torn apart and with some moral flexibility, can be used for nefarious purposes" is exactly where cybersecurity problems reside. Cloud services, apps, IoT and analytics all use algorithms as their base technology, and the projected use of these smart products and services is going up by the billions.

    Knowing the vulnerability of algorithms, we need to find different ways to authenticate, view, audit, analyse and block the bombardment of smart technologies during data in motion if we are to assure the security of these new smart technologies and the algorithms they operate under. I discuss the problems and solutions to these cyber attack capabilities in the following video presentation, and we need a paradigm shift in how we process information to correct these cybersecurity vulnerabilities.

  • Jon

    In cases such as those you mention above I never know whether to be worried or impressed. After all, in many ways airport security is an “arms race” in itself as “nefarious” individuals seek to find and exploit vulnerabilities while manufacturers and security companies aim to beat them to the loopholes.

    It’s clear, whatever the case, that security firms can never rest on their laurels. They need to be constantly making changes, adjustments and improvements in order to keep data as secure as humanly possible.