A Tribute to Dr. Strangelove

Presented at DerbyCon 1.0 (2011), Oct. 2, 2011, 9 a.m. (50 minutes)

Building on the concept of taking security out of the desktop and server closets from 2010 when we attacked cars and busses….and then earlier this year when we picked on tractors…..we are going to see if we can get ourselves into some hot water by picking on airplanes and missiles. This talk will examine the role of the computer systems in the modern plane and the challenges surrounding the implementation of the security in both the core systems that ensure 250+ tons of metal stays in the air…as well as the 3rd party companies that are meant to support them. We will put forth some practical ideas and theories on how to compromise the architecture and of course the scenario’s of “what if” will be worked through. The talk is designed to be a back/forth discussion with the audience specifically around the scenarios and the various controls in place within the plane’s network to identify and deal with any such argument we can put forth.

We are going to focus on the commercial world of passenger transportation, however will touch upon the military crossovers where fully understood. We will discuss the data acquisition and modeling architectures as well as the BUS and core logic systems that are implemented within several identified plane types, and again as above we will run through scenarios and explain the logic involved in bypassing (fooling) the design.

Quite simply put we will theorize on how to turn the engines off at 35000 feet and not have any of those damn flashing warning lights go off in the cockpit….needless to say this is all theory (Please don’t try this on the way home, and only use on a tame “owned” 747.)

While we’re at it, we will examine those very same companies who produce components for the Boeing and Airbus industries and assess the military technology they produce, specifically that which is placed in the more “smart” type weapons, and how to influence the guidance and other targets, preferably “pre-build” again using a combination of research (Google ideas thanks to Johnny Long) and direct manufacturing influences.


  • Chris Roberts as Chris Roberts (@Sidragon1)
    Chris Roberts is the Founder, CISO and Chief Geek of One World Labs, an assessment, remediation and research facility in the Front Range area of Colorado. Chris has played a variety of roles both inside and as a consultant to the IT security, engineering, and architecture/design operations of a number of Fortune 500 companies across the finance, retail, energy, and services sectors. He has a wealth of experience conducting vulnerability assessments, penetration testing, compromise investigations, and digital forensics examinations of all types of information systems.

Similar Presentations: