Security: Are you looking at the right risks?

Millions (billions?) of dollars, hours of time, and degredations of privacy and dignity all go into trying to reduce the chance of someone being able to sneak a Toothpaste Bomb (over 3oz!) onto a plane.


An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today….

One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers… The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers… Both of these technologies are massively insecure and are susceptible to a number of passive and active attacks.

You are only as secure as your weakest point. Are your security efforts focused on the weakest points and highest risks?

(Of course, in the library world, being focused on any security risks would, sadly, typically be a step forward).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s