Talk: Pentesting airports: field experiences
Critical Infrastructures (CIs) are one of the most important assets in today’s connected world.
Among them, airports definitely play a key role. Recent news has shown questionable “incidents” (e.g. the airport in Poland, and more), while full and responsible disclosure has started to highlight serious security issues, such as on-board hacking.
I myself found a vulnerability in the entertainment system on an Air China plane while flying to Beijing last summer.
Given all of the above, my team and I just couldn’t refuse a request for engagement when we were selected by the IT department of a large European international airport.
After months of work, here’s what we found, so that different airports may finally start to understand that the issues here are really serious: Houston, we got a problem!!!
Raoul “Nobody” Chiesa was born in Torino, Italy. After being among the first Italian hackers back in the 80’s and 90’s (1986-1995), Raoul decided to move to professional InfoSec, establishing back in 1997 the very first vendor-neutral Italian security advisory company; he then left it in 2012, establishing “Security Brokers”, a visionary joint-stock company providing niche, cutting-edge security consulting services and solutions.
Raoul is among the founding members of CLUSIT (Italian Information Security Association, est. 2000) and he is a Board of Directors member at ISECOM, OWASP Italian Chapter, and at the Italian Privacy Observatory (AIP/OPSI); he was one of the coordinators of the Working Group “Cyber World” at the Center for Defence Higher Studies (CASD) between 2010 and 2013 at the National Security Observatory (OSN) at Italy’s MoD. He is a former member of the ENISA Permanent Stakeholders Group (2010-2012 and 2013-2015), an independent “Special Advisor on Cybercrime and Hacker’s Profiling” at the UN agency UNICRI, and a Member of the Coordination Group and Scientific Committee of APWG European chapter, the Anti-Phishing Working Group, acting as a “Cultural Attaché” for Italy. Since July 2015 he has been a Board Member at AIIC, Italian Experts Association on Critical Infrastructures.
Raoul publishes books and white papers in English and Italian as main author or contributor, is a keynote and speaker known and appreciated worldwide, and is a regular contact for media worldwide (newspapers, TV and bloggers) when dealing with Information Security issues and IT security incidents.