Facebook Twitter Instagram
    Trending
    • 5 Ways Technology Makes Your Business Efficient
    • The Journey from Tech Side Project to Return on Investment
    • Top 3 Best Tech Advancements to Help You De-Stress
    • Advancements in Car Technologies Affecting Infrastructure Development
    • David Marcus Talks about the Blurred Lines in Cybersecurity
    • Audi and the Massive Automotive Changes Between 2025 and 2030
    • How to Deploy Managed IT Services in a Mixed Mac and Windows Environment
    • 5 Tech Developments That Have Revolutionized Investing
    TechSpective
    • RSS
    • Facebook
    • Twitter
    • Google+
    • LinkedIn
    • Instagram
    • Pinterest
    • News & Analysis
      Featured
      March 6, 20211

      Fixing The World One Person At A Time: Cisco Networking Academy

      Recent
      April 9, 2021

      CISO Panel Discussion Weighs in on Cybersecurity in the Digital Age

      April 2, 2021

      FTC vs. Qualcomm: Did Apple Illegally Influence The FTC?

      April 2, 2021

      A Look at Microsoft Mesh

    • Business
      Featured
      March 6, 20211

      Fixing The World One Person At A Time: Cisco Networking Academy

      Recent
      April 21, 2021

      5 Ways Technology Makes Your Business Efficient

      April 21, 2021

      The Journey from Tech Side Project to Return on Investment

      April 19, 2021

      How to Deploy Managed IT Services in a Mixed Mac and Windows Environment

    • Security
      Featured
      March 7, 20211

      Pandemic Unmasks Vulnerability to Automated Bot Attacks

      Recent
      April 13, 2021

      Shashi Prakash Chats about Cryptocurrency and NFT Fraud

      March 30, 2021

      Exploiting Embedded Linux Devices Through the JTAG Interface

      March 28, 2021

      Zero Trust for Data

    • Microsoft
      Featured
      September 12, 20201

      The Microsoft Surface Duo: The Communications Device for Those That Think Different

      Recent
      September 12, 2020

      The Microsoft Surface Duo: The Communications Device for Those That Think Different

      July 13, 2020

      Learning from the Microsoft Store Failure

      May 15, 2020

      The Microsoft Surface Earbuds: How Many Ways Can You Say “Awesome!”?

    • Podcasts
    • Technology
      Featured
      March 1, 20212

      Could Home Study Be Better for Education? Using Technology to Craft a Better Tomorrow

      Recent
      April 21, 2021

      Top 3 Best Tech Advancements to Help You De-Stress

      April 20, 2021

      Advancements in Car Technologies Affecting Infrastructure Development

      April 19, 2021

      Audi and the Massive Automotive Changes Between 2025 and 2030

    • Reviews
      Featured
      March 4, 20210

      Dell’s UltraSharp 40 – Improving Work and Workplaces with Monitor Innovations

      Recent
      8.0
      March 29, 2021

      Review: Peril Protect

      10.0
      March 15, 2021

      Review: Tesla Puddle Lights

      9.0
      March 13, 2021

      Review: Ubiquiti UniFi Dream Machine Pro

    TechSpective
    You are at:Home»Security»Authentication»Hallway Con and Hacking Travel Technology
    IOActive Hallway Con electronic baggage tags travel technology
    Image from Pixabay

    Hallway Con and Hacking Travel Technology

    1
    By Tony Bradley on September 12, 2020 Authentication, Internet of Things, Security Awareness

    The COVID-19 pandemic has brought much of the world to its knees and sent ripples across all regions and industries. One consequence of the pandemic has been the elimination of large gatherings—meaning no in-person conferences or conventions. Events like Black Hat and Microsoft Inspire made the shift to transition to streaming online—which is great, but does not make up for the networking between peers or the serendipitous conversations that typically occur, affectionately referred to as “Hallway Con.” IOActive is stepping up to try and fill that void with the IOActive Labs Blog and a new guest blog series.

    John Sheehy, SVP of Research and Strategy for IOActive, launched the initiative with a blog post describing the need to continue the value of Hallway Con as we struggle with the pandemic. Sheehy explains, “IOActive is helping reclaim hallway con by making some of that valuable content available in a pandemic-friendly format on our blogs and in webinars. We recently launched our Guest Blog series with a post focused on emerging threats in intermodal transportation from Urban Jonson, an accomplished contributor to hallway con and leader of the Heavy Vehicle Cyber Security (HVCS) working group at NMFTA.”

    Hacking Electronic Baggage Tags

    The first post for the IOActive Labs effort to share innovative research is a post titled “Breaking Electronic Baggage Tags – Lufthansa vs British Airways” from Ruben Santamarta, Principal Security Consultant at IOActive.

    Ruben does some reverse engineering of the electronic baggage tags (EBT) used by British Airways and Lufthansa to determine if or how they can be exploited or compromised. He describes in detail how the tags work and communicate, and what information is shared. With the British Airways TAG, Ruben found a flaw that allows anyone with physical access to the EBT to forge arbitrary bag tags and update the EBT device without any further interaction from British Airways. He provides proof of concept code in the blog post.

    When notified of the issue, British Airways responded to say that they believe there are checks in place that would prevent the unauthorized bag from getting through, and that they consider the scenario to be a low risk.

    With the Lufthansa EBT, Ruben discovered that the microcontroller unit (MCU) does not implement a secure channel when communicating with the secure element. This leaves the potential for a malicious component to provide arbitrary content that will get rendered because the MCU has no way to validate whether or not it actually came from the secure element.

    Lufthansa was notified of the potential risk. Similar to British Airways, Lufthansa maintains that luggage that is manipulated would be identified and transferred to a verification process and that the risk is very low.

    Ruben sums up the research with, “I agree, there are serious limitations to turning these issues into a serious attack scenario; however, time will tell how these technologies evolve. Hopefully this kind of research will help to close any security gaps before a more significant attack vector can be discovered.”

    Innovation and Collaboration

    Cybersecurity conferences are filled with great keynotes and informative breakout sessions. However, most people who attend such events will readily agree that much—perhaps most—of the value of attending comes from the networking and conversations that happen in the hall.

    This effort by IOActive to provide an online forum where security researchers and developers can share information tries to capture some of those benefits. Check out the IOActive Labs Blog for innovative security research and an opportunity to casually engage and collaborate the way you would if or when large cybersecurity conferences become a thing again.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleThe Microsoft Surface Duo: The Communications Device for Those That Think Different
    Next Article Digital Wellbeing: How to Avoid WhatsApp Fatigue
    Tony Bradley
    • Website
    • Facebook
    • Twitter
    • LinkedIn

    I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 5 cats, 1 rabbit, 2 ferrets, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

    Related Posts

    Shashi Prakash Chats about Cryptocurrency and NFT Fraud

    Exploiting Embedded Linux Devices Through the JTAG Interface

    Up, Up, and Away – With Your IoT Data?

    1 Comment

    1. Pingback: Hallway Con and Hacking Travel Technology – Low News

    Leave A Reply Cancel Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Site Sponsors
    Qualys
    Intel
    Adobe
    PopSpective
    Coffee and Politics
    DevOps.com
    • Technology
    • Popular
    • Top Reviews
    April 21, 2021

    Top 3 Best Tech Advancements to Help You De-Stress

    April 20, 2021

    Advancements in Car Technologies Affecting Infrastructure Development

    April 19, 2021

    Audi and the Massive Automotive Changes Between 2025 and 2030

    9.0
    July 14, 2016

    Review: Lenovo Yoga 900S

    9.5
    March 2, 2015

    Review: Asus Zenbook UX305 ultrabook

    8.0
    February 9, 2015

    Review: Burg 12 smartwatch

    9.7
    November 16, 2018

    Review: BlackVue DR900S-2CH Vehicle Dash Cam

    9.5
    September 2, 2015

    Review: Microsoft Band

    May 27, 2014

    Protect your family photos with ScanMyPhotos

    Adobe
    Popular Posts
    9.0
    July 14, 2016

    Review: Lenovo Yoga 900S

    9.5
    March 2, 2015

    Review: Asus Zenbook UX305 ultrabook

    8.0
    February 9, 2015

    Review: Burg 12 smartwatch

    PopSpective
    Adobe
    PopSpective
    About

    TechSpective covers technology trends and breaking news in a meaningful way that brings value to the story, and provides you with information that is relevant to you. We offer in-depth reporting and long-form feature stories, as well as breaking news coverage, product reviews, and community content in plain English terms, and with a unique perspective on technology.

    Adobe
    © 2020 Xpective, Inc.
    • About
    • Privacy
    • Advertise
    • Subscribe
    • Contact

    Type above and press Enter to search. Press Esc to cancel.