Aviation Security

Access Control Systems

  • Access card security

  • Access card audit logs

  • What kind of Access cards are in use ?

    • Mag stripe

    • PIN

  • Is the Access Card work's at multiple locations ?

Tools : Proxmark

Building Management

  • Building Management System

  • HVAC

  • Industrial process controllers

Check In Systems

  • Check in Desktops

  • Kiosk Machines

    • Self-check kiosk's

Baggage Handling

  • Industrial controllers

  • OT/IOT/PLC's

  • Note: Need network segmentation for these devices , dedicated serial network

Flight Display Systems

  • Note: Bristol Airport Ransomware Attack

CCTV

  • Security key management

  • Device vulnerabilities

Airside Security

  • Electronic passport gates

  • Security scanning

  • X-Ray Machines

Network Segregation

  • Law enforcement network and Airport Network

Airside Concessions

  • Check in desks

  • Concession Spaces

WIFI

  • Electronic flight bags

  • Aviation devices

  • Spoofing attacks

  • Evil twin attacks

Airside Systems:

  • Ground power system network connections/monitoring

  • Ground control and power systems

  • OT/IOT devices in the scope

Airside Vehicles

  • ADS-B : Radar communications

  • Rogue signals with SDR

Pushback Tugs

  • Robot Tugs using Remote control

Airside RF

  • Ground Navigational Systems

Docking System

  • Infrared Lasers

Briefing Systems - pilot briefing systems

Gate link

Run way lighting

Reference:

https://www.pentestpartners.com/security-blog/mapping-the-attack-surface-of-an-airport/

PreviousNavigating the Complex Web of Airport Operations: Key Components and Leading Industry ProvidersNextComputational Science

Last updated