View Single Post
Old 11th Apr 2013, 14:55   #7 (permalink)
areobat
 
Join Date: May 2008
Location: USA
Posts: 44
I just read this over the The Register and I suspect that everything he says is possible is indeed possible. These systems were designed with the assumption that both the transmitting device and the receiving device were validated. I'm sure a great deal of time and effort went into validation and testing to make sure the transmitted messages were properly formatted, transmitted, and received. I'm sure the system was also tested for its ability to detect and reject messages corrupted by random interference.

But the complete lack of any authentication security tells me that there was no attempt to validate the system for deliberately constructed malicious messages. In networking systems, maliciously constructed messages/packets are probably the most common attack vector. And they often succeed, even on networks hardened against such attacks. I should think that do what he claims would be child's play for someone with in-depth knowledge of those systems.
areobat is offline   Reply With Quote