Thursday, April 11, 2013
Story originally appeared on CNN.
Could this be the deadliest smartphone app ever?
A German security consultant, who's also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely, using just an Android phone.
Speaking at the Hack in the Box security summit in Amsterdam, the Netherlands, Hugo Teso said Wednesday that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit.
Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. Current security systems don't have strong enough authentication methods to make sure the commands are coming from a legitimate source, he said.
"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes after his presentation. "That includes a lot of nasty things."
Hugo Teso told a crowd at an Amsterdam conference that he spent three years coding the tools he used.
He told the crowd that the tools also could be used to do things like change what's on a pilot's display screen or turn off the lights in the cockpit. With the Android app he created, he said he could remotely control a plane by simply tapping pre-loaded commands like "Please Go Here" and the ominous "Visit Ground."
Teso says he developed SIMON in a way that makes it work only in virtual environments, not on actual aircraft.
"His testing laboratory consists of a series of software and hardware products, but the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario," analysts at Help Net Security wrote in a blog post.
Teso told the crowd that he used flight-management hardware that he bought on eBay and publicly available flight-simulator software that contains at least some of the same computer coding as real flight software.
Analyst Graham Cluley of Sophos Security said it's unclear how devastating Teso's find would be if unleashed on an actual airplane.
"No one else has had an opportunity to test this researcher's claims as he has, thankfully, kept secret details of the vulnerabilities he was able to exploit," Cluley said. "We are also told that he has informed the relevant bodies, so steps can be taken to patch any security holes before someone with more malicious intent has an opportunity to exploit them."
Teso said at the summit that he's reached out to the companies that make the systems he exploited and that they were receptive to addressing his concerns. He also said he's contacted aviation safety officials in the United States and Europe.
"From the sound of things, this researcher has got himself a lot of media attention, but still believes in responsible disclosure, rather than potentially putting aircraft and passengers at risk," Cluley said.
Teso isn't the first so-called "white hat" hacker to expose what appear to be holes in air-traffic security.
Last year, at the Black Hat security conference in Las Vegas, computer scientist Andrei Costin discussed weaknesses he said he found in a new U.S. air-traffic security system set to roll out next year. The flaws he found weren't instantly catastrophic, he said, but could be used to track private airplanes, intercept messages and jam communications between planes and air-traffic control.
Friday, April 5, 2013
Story originally appeared on the Guardian.
The chairman of Hewlett-Packard has stepped down and its two longest-serving independent directors are to leave the board as the fallout from the firm's disastrous acquisition of British software firm Autonomy continues.
Two weeks ago at HP's annual meeting, chairman Raymond Lane and directors John Hammergren and Kennedy Thompson scraped through a vote on their re-election with the slimmest of margins.
They were rebuked for mistakes at the world's largest maker of personal computers, including the ousting of two chief executives in as many years and admissions that recent acquisitions are worth billions of dollars less than their purchase price.
Lane has been replaced as chairman on an interim basis by activist investor Ralph Whitworth, who has sat on the HP board since 2011, but will remain a director. Hammergren and Thompson, who have served for eight and seven years respectively, will stay only until the May board meeting and a search is underway for their replacements.
"After reflecting on the stockholder vote last month, I've decided to step down as executive chairman to reduce any distraction from HP's ongoing turnaround," said Lane. "I'm proud of the board we've built and the progress we've made to date in restoring the company. I will continue to serve HP as a director and help finish the job."
Lane, a former executive at leading software firm Oracle, was in charge when the previous HP chief executive Léo Apotheker was given the go-ahead to spend $11.7bn (£7.7bn) acquiring Autonomy, then listed on the London Stock Exchange.
HP's attempts to move away from the low margin PC business into more profitable software sales failed to convince investors, and after a 40% drop in the share price and less than a year in the top job, Apotheker was forced out.
Lane held on, helping to install fellow HP board member and Ebay's former chief executive Meg Whitman as Apotheker's successor. But 41% of shareholders opposed his re-election last month, while 46% voted against Hammergren and 45% against Thompson.
A spokesman for one of the largest North American pension funds, the California Public Employees' Retirement System (Calpers), took the floor at the annual meeting to express "extreme concern with HP's path in recent years".
HP's new interim chairman has a reputation for building small stakes in troubled companies in order to fight his way on to the board and agitate for change. Whitworth's previous scalps include Robert Nardelli, whom he helped oust as chief executive of retailer Home Depot, and mobile network Sprint Nextel's Gary Forsee. His firm, Relational Investors, owns $800m of HP shares.
"Ray, John and Ken are terrific leaders, and they're passionate about doing the right thing for HP," said Whitworth. "Meg is leading a Herculean turnaround, so most of all, we must build and maintain the best possible leadership structure for Meg and HP's entire team to succeed."