Sunday, May 17, 2015

Who Is Controlling Who? The Heart And Core Of All We Do, Is Chip Based. The Computer Is Not As Safe As You Think!

Who Is Controlling Who?
The Heart And Core Of All We Do, Is Chip Based.
The Computer Is Not As Safe As You Think!
By Nick Ashton, CEO/CTO CommSmart Global Group of Companies

Updated:  This information has just been released by the FBI


I talked about how hackability of any transportation system is more than possible. This was brought about by the disappearance of the Malaysian Air MH370.

A client in transportation asked us the feasibility of such an event, knowing we fully understand both the security and hackability of computers. When you are the leader in end to end secure communications, you must under stand the good, bad and ugly capabilities of computers and their vulnerability.
 

Do not expect me to describe how this is done!

My background is not just computers, terrorism has played a large part in my life, or should I say, counter-terrorism.  It is the mind-set of these cyber and violent individuals, their reasons that are similar and connected in nature. 

When we saw how fanatical the pilot was in his simulator of the 777 in his house, you know this was not just a regular guy.

It is a fact that TRUSTED REMEDY protects all end to end data in motion and is required by all that have security issues.

I brought this up with a City we are in conversation and finalizing them using TRUSTED REMEDY.  This will ensure all their data is to be secured and the residents personal information will not be compromised, that includes their online/direct bankcard payments.  In fact very forward thinking in showing concerns for their city and citizens.  

All companies need to review their computer protection and that includes one industry we all use, banking!  More data in motion is used by retail and banks in the transactions of payments that you can imagine.  KEYTALK will secure it solidly!

Here is the story we wrote on the Malaysia plane incident:


Hackability Of All Computers Is Not Pie In The Sky!
By Nick Ashton, Founder, CEO, Tracometry Group of Companies.

On receiving a phone yesterday and being ask about the possibility of hacking or phishing an aircraft on-board computer system, we thought for blip and stated, “Of Course It Can!”

A computer is a computer, is a computer!  The question came from a client who is in an industry that has computer aided devices and wanted to know, if hacked, could the operation of said devices be controlled by someone else. 

Of course it can.

We saw on the NBC Today Show how they hacked a Prius and took total control, of acceleration, braking, steering, airbags, in fact anything that was connected via the onboard computer.  I know this not what you want to hear.

The question was asked because of the disappearance of the Malaysia flight MH370 on a journey from Kuala Lumpur to Beijing.  This is a total mystery and is a concern to all. 

We have no knowledge of what has happened, but we have logical questions and offer no solid answer, only possibilities, which in turn, need to be addressed by all manufacturers of devices that they have on-board or are computers.

All aircraft such as Boeing 777 has a full computer server installed and runs all functions of the aircraft.  By hacking the said aircraft servers, this might enable the exploitation of the network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the aircraft and passengers.

This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the aircraft.

As you can appreciate we understand these things because of our business in analytics and data on the move protection.  We decided to dig a little deeper and the team started the research with our unpaid staff member, Google.

With only four words in the search box, we found lots of information and it only took us to page two of the search and we came across something that was and is, extremely concerning.

Boeing Model 777: Aircraft Electronic System Security Protection From Unauthorized Internal Access

A federal register document:

FULL TITLE:

Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access

EXCERPT:

Discussion

The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may enable increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may enable the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate these types of system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities which could be exploited by unauthorized access to airplane networks and servers. Therefore, these special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between the airplane information services domain, aircraft control domain, and the passenger entertainment services.
For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

So, back in August, 2012 Boeing applied to make changes to software onboard the aircraft.  I will not bore you with all the detail here.  You can go to the Internet and review for yourselves.

https://www.federalregister.gov/articles/2013/11/18/2013-27343/special-conditions-boeing-model-777-200—300-and—300er-series-airplanes-aircraft-electronic-system

It states right at the outset of the document:

The proposed architecture is novel or unusual for commercial transport airplanes by enabling connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.

In simple terms why have we not covered this and made changes to protect the aircraft and passengers?  Now we are allowing Internet on aircraft!  I mean, the knowledge of hacking, phishing and brutal attacks has been around in one form or another for a lot of years.  After all, KEYTALK has been protecting data on the move for over twenty years plus, so someone had to know!

You notice, we are not stating that this what happened.  Is it possible, yes, feasible, yes!

The door is wide open on any computer system for compromise and serious consequences.  Not just the hacking of Target, who were the bull’s-eye for being the center of customer data and information theft of up to 140 million records of their customers.

Can this be rectified quickly, effectively and not cost prohibitive?

YES!

It is all about a secure connection.  We are using passwords for this, passwords for that, pin numbers and they are all created by humans.  Created by humans and stolen by lowlife humans!

Our philosophy is simple, make the device (Server, Desktop PC/Mac, Laptop, Tablet or Smart Mobile Phone) the access point.  The devices DNA is the Key, hence TRUSTED REMEDY.

We create a bomb-proof tube that is the connection, all data in motion that travels is 100% secure.  The log on is a short lived certificate, which is encrypted beyond the normal encryption level used in government or banking.  Once verified, it becomes a direct connection to do its business.  Nothing of this connection, once completed, is left on the originators device whatsoever.

Corporations can use this for BYOD (Bring Your Own Device) with the security that pleases even the IT Department.  In fact, you can use this connection via a hotel or public hotspot without being seen whatsoever. 

Anonymously sending information and the hacker has no idea that you are doing so.

So, today we talking with our client to expand his usage and you, can also call us and understand that we have the answer.




 WE are in the NOW and KEEP YOU, IN THE KNOW...

TRUSTED REMEDY

Worldwide Call: +1 (614) 655-1247



Copyright 2015