Flying the friendly skies

For much of this year, I flew and drove back and forth between Seattle and the San Francisco Bay Area, commuting to work whenever I could on contract with a network security firm. I had lost a lengthy contract with Microsoft after the likely hoax of a root kit on my computer at the opening of the mobbing and had to be flexible to stay employed. The Bay Area offered a lot of opportunity and, I hoped, my trips down would give me respite from the mobbing and allow to me to continue working to expose the crime.

Unfortunately, the mobbing continued through every leg of each of my journeys to California, through light rail and cab ride, through security and into secured areas of both Seattle-Tacoma and Oakland airports. What should be of specific concern to authorities is that the mobbing continued, even on the plane.

Nearly all of my flights were on the Boeing 737 classic series, characterized by Wikipedia.org as a narrow-body, medium range aircraft. With a cabin at once elegant and comfortable, the 737 classic is well suited to the Seattle-to-Oakland run along a corridor heavily traveled by the business class as well as by tourists and families.

Flight Ammenities_Page_1_cropped

 

The Boeing 737 classic offers “flight amenities” that include “inflight wi-fi.” This service allows you, the traveler, to connect to an onboard wireless network and to “surf, work, and be social.” The traveler who wishes to avail herself of the wireless service is instructed by a brochure supplied in the seat-back pouch before her to turn on wi-fi when the aircraft reaches 10,000 feet altitude and connect to the “gogoinflight” network.

Flight Ammenities_Page_1_plugin_section

Other amenities include USB ports as well as 110 volt outlets for charging.

Given the prevalence of wireless networks in the mobbing, I could assume that onboard wireless is what gives the hackers access to me. But shouldn’t the wireless network be locked down? After all, wireless systems are the easiest to crack and provide an entry point for movement across an otherwise protected network.

An April 15, 2015 article in the Daily Mail cites a U.S. government report that hackers can infiltrate flight systems and take over cockpit controls by using Internet access increasingly provided for customers on commercial flights. (Fears terrorists could use on-board WiFi to hack into flight systems and crash passenger plane, http://www.dailymail.co.uk/travel/travel_news/article-3039742/Fears-terrorists-use-board-WiFi-hack-flight-crash-passenger-planes.html) The report explains that while cockpit controls are separated from passenger entertainment and Internet services, updates to legacy aircraft systems commonly result in wi-fi systems that share routers or internal wiring. To solve the problem, airlines resort to the use of firewalls between systems, a stopgap measure that is inadequate because firewalls can be hacked. The report emphasizes, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.

Recent research additionally shows that even an air-gapped system, that is, a physically isolated computer, is no longer safe. A July 2015 article in Wired reported on Israeli researchers’ breach of the air-gap using the GSM network in combination with “electromagnetic waves and a basic low-end mobile phone.” (Researchers Hack Air-Gapped Computer With Simple Cell Phone, http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/)

Because the air-gap serves high-security environments, researchers warned that “devices capable of intercepting RF signals” should be prohibited. The article further cites 2014 research demonstrating that even the radio signals from a computer video card can enable an attack by a smartphone with an FM radio receiver. In the end, researchers discovered they could wirelessly exfiltrate data from up to 30 meters away and though exterior walls, by using a dedicated receiver. An August 2015 CNN article claims “[hackers] can just infect an office printer and—with software alone—turn it into a radio.” A photograph shows Ang Cui, a scientist from Red Balloon Security, standing over a hacked printer as it transmits radio waves to an antenna. (How your washing machine can steal computer files, http://money.cnn.com/2015/08/05/technology/radio-hack/)

The essential vulnerability then, is not in the physical media that networks devices together. The vulnerability is intrinsic to radio. But what airline is going to tell its business class customers they cannot fly with radios?

Because of their wireless network capabilities, cell phones and laptops are treated differently. Devices that have wireless capabilities send signals when they are in transmit mode. These transmissions can interfere with aircraft systems in flight and with wireless systems on the ground. For this reason, wireless use is regulated by the FCC and the FAA and the use of wireless is permitted only where an on-board wireless network that is specified to accommodate the transmissions of those signals is extended for customer use.

But when cell phones have controls for cellular use, for wireless use, and for use as a wireless hot spot, things get complicated. For this reason, the use of cell phones for voice communications in flight is prohibited.

λ

A few months back, when it dawned on me that the mobbers might be using radio to harass me, I found RadioReference.com. Actually, maybe what led to my finding this site was realizing that family of one of those mobbing me has call letters.

What stood out right away was some mysterious forum titled “Software Defined Radio.” A quick search assured me that hackers were “very excited” about it. In a moment, the low-tech and high-tech techniques of mobbing came together in radio spectrum.

Early on in the mobbing, when I was purchasing cheap RF detectors and going room-to-room looking for devices planted in my walls, the mobbers attempted to heighten my fear by allowing me to “overhear statements” about “all the RF” they had going through my home. They warned that I would get cancer if I didn’t “get out” immediately.

As it turns out, all of our homes are shot through with RF—radio frequency—and with increasing numbers of home appliances working the ultra high frequency (UHF) band, the waves are rising. You can find an informative DefCon (the hackers’ conference) presentation on SDR entitled All Your RFz Are Belong to Us: Hacking the Wireless World with Software Defined Radio on YouTube.

In radio spectrum, there’s a frequency for everything, and everything has a frequency. On a software-defined radio, signal processing is done in software instead of hardware. This allows a single SDR to transmit and receive a wide variety of radio protocols or “waveforms”. The result is a software application able to bridge bands across the spectrum.

I got a cheap NooElec USB dongle with antenna and remote control this week and found a companion volume on the use of SDR on Amazon.com, The Hobbyist’s Guide to the RTL-SDR: Really Cheap Software Defined Radio. My attention was immediately drawn to the sections on using SDR to receive data from the ACARS and ADS-B aircraft radio systems.

ACARS is the Aircraft Communications Addressing and Reporting System. Get an SDR and you can listen in on the status messages sent between planes and ground stations to mark the phases of a flight, for example, reports of taking flight or touching down. Standard ACARS transmits on the VHF band, usually 131.550 MHz. Some ACARS messages may be sent by satellite or on the HF band.

ADS-B is Automatic Dependent Surveillance Broadcast, the system used by the Mode-S transponder on a plane to broadcast information about location and altitude to other aircraft and air traffic controllers. According to The Hobbyist’s Guide, if you pair the RTL-SDR radio with a good antenna, you can listen in on ADS-B signals from as far as 290 miles away. ADS-B transmits at 1090 MHz and the data is not encrypted.

Whether either of these two systems could provide entry points for intrusions by hackers who are not already onboard an aircraft is unknown to me.

The Hobbyist’s Guide also includes sections on Monitoring Military Aircraft and Real-time Cockpit Instrument Display.

Historically, the argument against the proliferation of personal devices on aircraft has centered on radio interference. In 1966, FM radio interference was the major concern of the FAA.

CNN writers Mike M. Ahlers and Rene Marsh insist there is evidence that electronic devices have contributed to interference on planes. Portable electronic devices are unlikely to be the sole cause of an accident, they say, but the FAA remains interested in them as contributors to accidents that could occur. (Can your cell phone bring down a plane, http://www.cnn.com/2013/09/23/travel/cell-phones-devices-on-airplanes/)

The article describes a visit to the Boeing Electromagnetic Interference Lab in Seattle, in which a laptop computer was placed within range of an antenna to show how it affected airplane radio frequencies. The test showed that the laptop could potentially interfere with VFR (visual flight rules) radios on the plane. The lab engineer explained that pilots must work around any interference that occurs and that this added work can become an issue during “critical phases of flight” such as takeoff and landing, when the pilot must be focused on the safety of the aircraft.

The article cited study findings by the International Air Transport Association that from 2003 to 2009, pilots reported 75 cases of suspected electronic device interference, including interference from mobile phones. Pilots found that when passengers shut off the devices, the interference ceased. The report concluded that most aircraft systems, including communication and navigation systems as well as flight controls, were vulnerable.

The FAA recommends that devices remain off until aircraft are at 10,000 feet. This is the standard that Alaska airlines references in its brochure on wi-fi and other flight amenities.

The difficulty is in controlling the human factors and the ever-present unintended consequences. Criminal real estate speculators who are willing to follow and harass their victims in the air are one of the wildcards in the deck. Onboard electronic communications systems should at least be hardened against rogue operators and shielded from interference. Perhaps a mobbing victim could then get a few minutes of peace.

λ

It would be in keeping if the mobbers harassed me on flights over the wireless entertainment system. I’ve temporarily quieted them before by plugging a headphone into a jack or muting the volume of a computer. They’re not using my cell phone on the plane because my cell phone and the wireless connection on my cell phone and computer are always off when they are not in use. I keep everything shut off when I’m not making a call or using the phone as a music player in my car, something that regrettably gives the mobbers a pretty good platform for harassment.

Other possibilities include cellular access over the cell phones of others on board the plane. Just like anywhere I go since the mobbing started in May of 2014, when I’m on a plane and my seatmate is using a smart phone, I hear the harassment more. But why would hackers go for the cellular network when wi-fi is the easiest and the most unlikely network for any breach to be detected? Perhaps they use cell phones that have wireless service turned on.

Another theme in the mobbing is the following with harassment by public address and wireless systems. In a recent example of this type of monkey-wrenching, hackers broadcast pornography over a public address system at Target.

Perhaps what makes mobbers mobbers is that they’ll use any means available to them to hack, hoax or harass a victim out of their home. This might begin at home, but they show no reluctance to monitor and harass on the freeway, at the bank, at the worksite, or on the plane.

The fact that the mobbers can almost seamlessly harass me from airport to airport and on the flights between them, however, is deeply troubling. As a general rule, I leave my own cell phone off. At the outset of the mobbing, I had no cell phone; now I disable cellular, wireless, and GPS tracking on the phone I have as much as possible. The most likely means would seem to include:

  • Public address systems in airports, especially those connected to wireless networks
  • Public address systems on aircraft
  • Wireless networks offered on aircraft
  • Speakers on the devices of fellow travelers with wireless enabled
  • Speakers on the devices of fellow travelers with cellular service enabled

There’s something terribly wrong with this picture. Here we are, going to an airport patrolled by local police, the TSA and federal agents, we present our identification and must prove that we have legitimate business past the security gates. We take off our shoes, our coats, remove everything from our pockets and make our luggage available for x-ray scanning. We walk through imaging machines to show we have secreted no weapons, some of us are patted down and others of us are checked for explosive residue. We go to great lengths to secure the safety of domestic and international travel from airport to airport. How is it possible to be harassed in secure areas of the airport and even on an airplane?

It seems likely that this would work to some extent as it does when I’m outside anywhere. Because they monitor my home, the mobbers know when I’m flying and what flight I’m going to be on. Monitoring allows my position in space to be tracked, regardless of whether I carry a portable device. Once my location is known, it can be mapped against access points on a wireless network or even just the wireless speakers of a building public address system. The easiest thing might be to follow me on others’ portable devices. Since a prominent feature of mobbing seems to be harassment that isolates and is difficult to prove, I’ve also speculated on whether, at least in Seattle, I am followed from a distance. But that only works up to a certain point, and where I’ve typically stayed in California, the harassment has increased with the number of wireless access points in the house. Conversely, the few times I ended up on a flight on an aircraft about two-thirds of the size of the 737, an aircraft lacking on-board wi-fi and entertainment, the flight was much quieter.

The persistence of the mobbers in harassing under the gaze of the Transportation Security Administration (TSA) and other airport and flight security personnel raises questions about the security of the communication systems at airports. Should hackers and harassers be able intrude on personal and public communications systems in secured areas? If hackers can put pornography on the Target public address system, what could a terrorist do with the public address system at an airport? And does passenger use of portable devices in the terminal make our airports insecure?

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: