cRio + Metasploit = :D

[Trent B]

Where the Metasploit bit gets really interesting is the ability to reboot systems without authentication. With the amount of stuff that uses vx-works to run it is a little worrying what could possibly be done if someone hacked into a network.

A few wikipedia examples:

Robots
BMW iDrive
787 and 747-8 Planes
WRT54G Router
Apache Longbow Attack Helicopter
Lots of spacecraft.

Someone with the wrong motives could add something to get into a network (say of an Apache) and reboot it putting its operators or others in danger.

[Chris is me]

Quote:

Originally Posted by Trent B

Where the Metasploit bit gets really interesting is the ability to reboot systems without authentication. With the amount of stuff that uses vx-works to run it is a little worrying what could possibly be done if someone hacked into a network.

Have fun breaking WPA2 encryption in 3 days. (You can't.)

[EHaskins]

Quote:

Originally Posted by Chris is me

Have fun breaking WPA2 encryption in 3 days. (You can't.)

You could, but first you have to prove P = NP.

[Joe Ross]

Quote:

Originally Posted by Trent B

Someone with the wrong motives could add something to get into a network (say of an Apache) and reboot it putting its operators or others in danger.

I think if someone was able to walk up to an Apache Helicopter and plug a network cable in, undetected, the Army has much bigger problems then a single Apache being rebooted in flight.

[artdutra04]

Quote:

Originally Posted by Joe Ross

I think if someone was able to walk up to an Apache Helicopter and plug a network cable in, undetected, the Army has much bigger problems then a single Apache being rebooted in flight.

Several years ago, photos and videos from the Predator drone cameras were found on insurgents' computers in Iraq and Afghanistan.

The Predator drone used an unencrypted communication protocol so ground troops could view the video on portable video receivers.

They never counted on anyone else "flipping through the channels", and then googling how to fix a scrambled video feed.

The lesson? NEVER rely on security through obscurity.

[Chris is me]

Quote:

Originally Posted by artdutra04

Several years ago, photos and videos from the Predator drone cameras were found on insurgents' computers in Iraq and Afghanistan.

The Predator drone used an unencrypted communication protocol so ground troops could view the video on portable video receivers.

They never counted on anyone else "flipping through the channels", and then googling how to fix a scrambled video feed.

The lesson? NEVER rely on security through obscurity.

While I wholeheartedly agree, Joe Ross has a pretty good point. It's far easier to physically guard a wired router than it is to add security. If insurgents can get close enough to an Apache to connect to the network that vxworks resides on, they can disrupt its flight any number of other ways and someone made a terrible mistake

[GGCO]

Quote:

Originally Posted by Chris is me

While I wholeheartedly agree, Joe Ross has a pretty good point. It's far easier to physically guard a wired router than it is to add security. If insurgents can get close enough to an Apache to connect to the network that vxworks resides on, they can disrupt its flight any number of other ways and someone made a terrible mistake

Slightly off topic, but..

If the insurgents are close enough to the apache, why aren't they dead?

Anyways.....

[Trent B]

Quote:

Originally Posted by Joe Ross

I think if someone was able to walk up to an Apache Helicopter and plug a network cable in, undetected, the Army has much bigger problems then a single Apache being rebooted in flight.

I am not saying that someone walks in off the street into a base. What if someone in the assembly line or a mechanic for the army is really a double agent. I guess there are bigger problems to worry about at that point but it could still be costly.

And I thought WPA could be broken rather quickly if you see the handshake between the client and the host. Or does that only apply to WPA(1) not WPA2?

The Apache was just a random example, a disgruntled worker may be able to get into a cRio that would normally require authorization without it and cause a massive system to malfunction etc. With the number of things that run on it, anyone from a double agent to a disgruntled employee could cause issues.

[Zach O]

Quote:

Originally Posted by Trent B

And I thought WPA could be broken rather quickly if you see the handshake between the client and the host. Or does that only apply to WPA(1) not WPA2?

It's true for WPA2 also, but neither of them are quickly. You'd either have to brute force or run a dictionary/wordlist attack.