- Introductions to the challenges of modern aviation and technology
- Maintenance and asset management
- FAA requirements and recalls
- Weaknesses in the exposure to various parts databases
- Lack of required security testing by the FAA on maintenance software
- Software utilized in a modern airframe
- Explanation of what types of software are in use, both on planes and for weight balancing
- Buffer overflows: the FAA requires memory checks to ensure they stay within hardware operating parameters, but no full boundary checks.
- Explanation of current challenges: F35a has buffer overflow issues requiring a manual reboot of the flight computer, in flight
- Gate logic doesn't equal good code or secure code: explanation of how the software is written, pointing out memory leaks, patching that is not easy without substantial downtime (except on the 787), and the lack of any security testing for any aviation software on a plane.
- Exposure of various airframe manufacturer systems.
- Exposure of various airport ticketing and maintenance systems
More Than Turbulence - Aviation Software Vulnerabilities & Exploitation
Chris Kubecka is an experienced, committed, energetic and certified digital security expert who is passionate about solutions. She is the author of multiple books, including the 2019 release of Hack the World with OSINT, and has over 20 years of professional experience ranging from military and government to public and private business. Prior to establishing HypaSec in 2015, Chris established and headed network and security operations teams, ICS security, international joint intelligence teams, and the EU/UK privacy group for EMEA and South America (outside Saudi Arabia) for Aramco Overseas Company, part of Saudi Aramco. She was tasked with setting up digital security after the 2012 Shamoon attacks and was featured on Darknet Diaries episode 30, Shamoon. At Unisys she advised flagship clients at Lloyds TSB and Danone on their overall security and incident response. It is no surprise that outside of work she continues to tap into her love for research by pursuing IoT and ICS exploitation and defense of critical infrastructure.