
Description Of Hacking Workshops by Ken Munro and Holly Grace Williams

BSides Lancashire | 11:50 | 64 views | Published 2023-04
About this talk
Ken Munro discusses his career, from Lancaster University to now, and why he brought a flight simulator to BSides Lancashire. Holly-Grace also did a hands-on hacking workshop - we were completely blessed at BSides Lancashire with workshops for our attendees!
Transcript [en]

I have the great, great pleasure of introducing Holly yet again. Round of applause. [Applause] But also a chap who probably doesn't know it, but I've known him longer than he knows me, which is a bit weird, because I'm ex-NCC Group, and the ex-NCC in the room, put your hand up. Uh, yeah, so I remember you from the NCC Group days, but you probably won't remember that because YouTubers are trying to run out the door. So, um, but I have watched Ken for decades, I will say that in honor, uh, because he's an old guy just like me, but the difference is he's actually done some really cool stuff. Uh, if you've never seen anything that Ken Munro has done, you've missed a lot, and there's a lot to catch up on, on the catch up. Um, but I have got the great honor to introduce Ken and Holly. I'm gonna start with Holly and I'll hand over to these guys.

Hello everybody. This is just to let you know that I'm running a workshop at 11 o'clock. I was just given a vague description, it's like, "Hey, if we give you an hour can you do a workshop?" So that is the workshop. The content that I've put together is like an introduction to hands-on, uh, web application hacking. So if you're a student and you want to see some pen testy stuff, it would be good for you. Maybe you're an infrastructure tester and you want to see some website, would be good for you. If you had any questions that didn't get answered when I did my talk, still good for you. If you're on a fox, also good for you. Just want to come out and, and hang out, that, that's fine. It's going to be very, very casual. I've got some CTF-style things, I'll do some, some content around cross-site scripting and all of that kind of awful stuff, uh, and, and that is it. If you come just for a fox I will judge you, but as long as you passed you will still get a box.

Wow, that was quick. I've now got a pad, so I want to say a few words. Um, first of all, Lancaster University is a very soft spot in my heart. I came here, I studied applied physics in 1991, which makes me really old. I also met my now wife here, so when I was asked by BSides Lancaster to come and get involved I was like, absolutely bloody lutely. Um, sadly though, that's, that's the good news. Um, I read applied physics, um, I got the balance between working and studying and partying quite wrong and they kicked me out in my third year, so, in the middle of the early 90s recession. So I ended up working at the hotel across the road for at least three years, so stayed there last night, very, very odd experience going back 30 years of my life.

Yeah, as a result of being kicked out, um, I made some very questionable career choices. I am giving career advice in the careers with these later, so if you want some really [ __ ] advice come and talk to me, please disregard everything I say. Uh, one thing I love about BSides more than anything is, is I get to meet my heroes, and last night I got to have a beer with Chris Roberts, um, who I've been following for a very, very long time. Thank God he's left the room so I can blow smoke up his ass without some embarrassing anyone.

Um, Chris, um, started me on a journey a very long time ago. He doesn't know, but he'll probably remember, he tweeted back in 2015 about some cyber security concerns in airplanes, and that started me on a journey which combined my two loves, flying and the cybers. I'm a pilot, I'm a ship pilot actually. I have genuinely landed at the wrong airport. I have caused an international incident where, when my airplane was impounded by French Customs because I forgot to tell them I was coming, that was a bit awkward. I've had two engine failures and I've had two gear hang-ups, so please don't ever come and fly with me, you're taking your life into your own hands if you do.

Um, but that really got me going down a path. Um, one of the things that we all experience through the horrors of COVID, um, there were bizarrely a few interesting rays of light through COVID. Um, might sound odd to talk about that now, but one of the, the rays of light that opened up for us was that a lot of airplanes got grounded early. It meant that airplanes that were perfectly capable of flying, because they couldn't fly, were now grounded, and a lot of those fleets were retired much earlier than they should have been. It also, because a lot of the airplanes were retired at once, meant that the boneyards, the breakers' yards, got backed up, which meant they had huge backlogs of airplanes sat there waiting to be taken apart.

So we, in our wisdom, picked up the phone to one of the boneyards in Kemble, near Gloucester, Cheltenham way, and, um, asked, "What are you doing with the planes?" And they said, "Well, they're going to sit there until we get around to taking them apart and turning into tin cans." I said, "Right, okay, um, if we give you money will you power them up for us?" Like, "Yep." So we arranged to go down to Kemble. Um, we had a little bit of security vetting, went airside and were given carte blanche to hack planes that were never going to fly again, and as a result of that got to learn an enormous amount of, uh, about cyber security of airplanes.

Now, you've probably seen stories in the press about hacking planes. The world seems to lose its [ __ ] when someone talks about hacking an airplane, so you need to be really careful. Don't hack planes, it's illegal and dangerous. We only work on airplanes that are never going to fly again, which is the only way you can do it safely. You cannot sit in the seat of an airplane and you cannot take control of the airplane. Why? Because the in-flight entertainment system is completely separate, dirty network where we go, we're allowed to play and touch. You don't do that, right, you'll be arrested, you'll get a flight ban if you're caught hacking a plane in flight. There's also very, very strong network segregation between the passenger and information services domain and the aircraft control domain, which is the bit the pilots do, which is up and downy, lefty righty, all that sort of stuff. There is very, very robust segregation between those domains. Um, it even the Boeing 787, you might remember the FAA the latest launch because they weren't completely confident in the various segregation between the control domains.

So COVID happened, we've got to mess around with airplanes. We also hired a couple of old pilots who'd been laid off by the airlines, that make for amazing pen testers by the way, really, really rigorous, but we also mined them for lots of information about the use of commercial airplane systems. I know how to fly, I know how to use Garmin kit, but I don't know how to use the sort of flight systems you find up front in a commercial airliner. So we mined them for information both about the technology, operating procedures and also how they're used, and that's when we started to make some really interesting findings. And that's when we started to realize that in order to prove these things we couldn't do it for real on a plane because we'd crash it and I'd be back, right. So that's why we bought flight simulators.

We've got two flight sims. We couldn't get the big one here today and parade it's actually two League to go and the doors to lecture theater, so we've got a smaller flight sim, and what we're using that to do is show you some vulnerabilities that we found in airplanes. The plane systems are safe, the plane systems are secure, however pilots are increasingly using apps and other sources of data to configure the airplane, and a good example of that is the electronic flight bag.

Now, back in the day, when you saw pilots, I've always had a big briefcase like this that weighed a ton, and that was full of all the approach and departure plates for the various airports that we're going to use. So when you come into land there's a very specific process and really must follow, with reporting points, configuration systems, minimum altitudes, speeds, directions, all those sort of things, and you carried a piece of paper usually made by a company called Jeppesen, and it had to be checked and updated every month, weighed a ton and very easily, quickly went out of date, cost a fortune to keep maintained. So we use iPads now. Hey, what could go wrong? And those systems contain all of the approach charts and plates that we're going to need to tell us how to arrive at the airport, but also when they get updated it's done electronically, it's really quick, saves a load of weight. But we've had huge advances in efficiency as well.

Now, you might not be aware that when you sit at the end of the runway in an airplane, in a commercial airplane, it's very, very rare that the pilot uses full thrust on the engines. It's almost unheard of. There's a reason for that, is using full thrust wears the engines excessively, which costs money, it burns extra fuel, which costs money, and it's pumped out more carbon dioxide than you need to, which damages the environment. So for efficiency reasons we use what's called a performance calculator to work out how much power we need to take off. So that's going to involve all sorts of bits of information, so the length of the runway, so if I haven't got enough runway to accelerate I need more power. If I'm heavy, so I'm a big airplane, fueled and put lots of freight and passengers, if I'm heavy I'm going to need more power. If there's not much wind coming down the runway it's going to take me more power to get up to flight speed, and there's lots and lots of other different factors that go into that calculation to tell the pilot what percentage of thrust they should use.

That will spit out, in the case of Boeing airplanes it's called the derate, and it'll tell you what percentage of the thrust to use. Typically what you do is you're actually, um, the set of configuration, so you still put the throttles forward but actually the, um, uh, flight management computer then tells the engines how much power to make. In the case of Airbus it's called Flex Temp, and it does is it puts a temperature output that fools the, um, pressure ratios in the engine to, um, producing less power than they need to. So very, very rarely use full power in a plane.

What we've discovered are a bunch of the apps and the electronic flight bags themselves have got security flaws, and what that means, in certain conditions, some of which are remote, you can actually tell the calculator to spit out the wrong amount of power. So a pilot in a heavy plane on a short runway puts the wrong amount of power on and either goes off the end of the runway, it has happened, a man cargo flight crashed in Canada several years ago with a loss of an entire plane and crew, very sadly, but what's more common, the more likely to happen, is the plane will tail strike. Now that means as the pilot's rotating, um, what you'd expect to happen is the nose to go up and the plane to accelerate away and climb away before the back of the plane hits the runway. Now on average five to six times a day around the world tail strikes occur anyway by pilots mishandling planes, so they happen all the time. There have been numerous cases where the pilots have accidentally put the wrong data from the app into flight management systems and caused a tail strike too. So the point where sometimes it's just a little rub, easily fixed, down markings on the paint; other occasions you've seen the entire rear of the aircraft torn away, we've seen damage to flight controls, we've seen damage to the pressure bulkheads, um, a right mess. However, makes for a bad day, right.

So we've discovered vulnerabilities that allow you to make pilots crash planes. That's why we have the flight simulator, because we don't want to do it for real. Over the last couple of years we've been out doing tours around the various manufacturers and operators of airplanes, the airlines, show them what we found, disclosing vulnerabilities privately, getting them fixed, and hopefully it's just a little bit safer. So that's why we've got the flight simulator here today. Um, the sim will be running all day. I know there's kind of a workshop lined up but actually we'll be running through the, um, the whole day, and if you want to come along and try and land our Airbus A320, we'll stick some, um, bad configurations in there to simulate that the plane's been hacked, and you can see if you can land it and walk away. Very few people do. So without further ado I'll leave you to it. It's time for a break, come fly the flight simulator, hopefully enjoy it. Thank you, thank you.