Expert Shares Thoughts on Disappearance of Malaysia Airlines Flight MH370


What happened to Malaysia Airlines flight MH370?

Malaysia Airlines flight MH370 is still nowhere to be found. There are a number of theories on what might have happened to it, but there’s no solid evidence to support any of them.

It might have been hijacked by one of the pilots, or it could be an act of terrorism. The plane could have also been hijacked by a hacker with a laptop or a smartphone, as some have suggested. Some experts say that hijacking an airplane with a computer is totally plausible, but others doubt that this is the case.

Nicholas Lemonias, an information security expert with Advanced Information Security Corp who has recently published a thesis on satellite communication vulnerabilities, has been kind enough to share some thoughts with Softpedia on the disappearance of the MH370 flight.

Here’s what Lemonias told us:

“There has been quite a lot of speculation regarding the Malaysian flight MH370, but there is little evidence to back up any theory so far.

However, looking at the sequence of events and occurrences using a probabilistic approach, and more precisely using the concept of conditional probability, I am not of the belief that the plane crashed due to an inherent technical fault, because if that was the case the plane would
have crashed within a probable range and the wreckage would be observed by satellite technology.

Thus said, there has been quite a lot of speculation leading to beliefs that the plane may have been remotely hacked. However this scenario is probable, I am also not of the belief that
the plane has been remotely exploited, due to the sophistication of the attack and the sophistication of knowledge the attacker needs to have about the targeted systems.

The ADS Broadcast system is a radar substitute, and is responsible for broadcasting information about the aircraft.

Therefore this system is inherently vulnerable and lacks the fundamental security properties of Confidentiality, Integrity, Availability & Non Repudiation. Therefore this non-adherence to security design principles, makes this system subtle to eavesdropping, message falsification attacks, replay and reordering attacks, message injections.

However, for a successful exploitation to occur, the hacker would also have to penetrate the Aircraft’s Communications Addressing and Report System (ACARS) that is used to send and receive messages to air traffic controllers.

This technology works both via satellite or radio frequencies. The system uses a digital data link for the exchange of messages between two end points. Furthermore the (ACARS) system is also inherently vulnerable to passive and active attacks, as it also lacks fundamental security properties by design.

In theory this is possible, but for this scenario to be realistic, an attacker would need to exploit some “zero day” vulnerabilities in the commercial FMS software used by Boeing aircrafts.
Thus said the most an attacker could achieve without knowledge of the actual system, is a system crash.

On the scale of things, the probabilities for terrorism and hijacking are potent since there have been indications that some passengers bypassed physical security controls. Black-box testing a software flight simulator may have been a potent ground for experimentation and enumeration of the closest match to the commercial software used by Boeing’s FMS.

Boeing 777 FMS

In my expertise, satellite technologies can help find out more about what has occurred. Satellite services can be provided over a wide geographical area, including remote, rural, urban, and inaccessible areas. Satellite systems have a global reach with very flexible bandwidth- on-demand capabilities.

Alternative channels can also be provided for connections that have unpredictable bandwidth demands and tracking characteristics to achieve maximum resource utilization.

A number of scientific or meteorological satellites, divergent in scope make use of cameras and therefore provide real time footage over a wide geographical area, and some of them with high visibility capabilities and timestamps.

Rescue satellites could also provide more information about the exact times that the plane broadcasted a signal. The personal cellphones of the passengers may also be connected to a satellite network as we speak, since a lot of smartphones can exchange messages and GPS coordinates by design.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s