Boeing 757 Remotely Hacked by DHS, Windows ASLR Doesn't Always Work
Mazin Jindeel
INFORMATION SECURITY NEWS
For The Week of 11/15-11/21 2017
The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.
CURRENT NEWS
Boeing 757 Remotely Hacked by Homeland Security Team
A ago, a team from the Department of Homeland Security was able to remotely hack a Boeing 757 parked at the Atlantic City Airport. The attack was described as a “remote, non-cooperative penetration”. This means that the hack was performed entirely using technology that could get through airport security. The details are classified, but the DHS says the hack was achieved by accessing the 757’s “radio frequency communications”. This doesn’t really tell us much, because airplanes tend not to have any other type of communications (they certainly aren’t on LANs). https://www.csoonline.com/article/3236721/security/homeland-security-team-remotely-hacked-a-boeing-757.html
Windows ASLR Doesn’t Work if set By Windows Defender Exploit Guard or EMET
Address Space Layout Randomization (ASLR) can prevent buffer overflow attacks from resulting in code execution. Starting with Windows 8, the way Windows does ASLR changed. Windows Defender Exploit Guard and Windows EMET both rely on having the ASLR set to be bottom up, however due to an oversight, the default value of “On” for ASLR is not set. When applications that do not rely on dynamic base addresses execute, they will all start in a different (but predictable and not random) location. In short, the registry key that Windows 8 ASLR depends on is unset which removes the address randomization allowing for easier attacks by an experienced attacker.
https://www.kb.cert.org/vuls/id/817544