Making Unique Observations in a Very Cluttered World

Friday, 12 April 2013

TEPCO May Just Dump Its Radioactive Water Into Pacific -

TEPCO May Just Dump Its Radioactive Water Into Pacific - 

Tokyo Electric Power Co. (9501)’s discovery of leaks in water storage pits at the wrecked Fukushima atomic station raises the risk the utility will be forced to dump radioactive water in the Pacific Ocean.

Leaks were found in three of seven pits in the past week, reducing the options for moving contaminated water from basements of reactor buildings. Water in the basements is from the months after the earthquake and tsunami disabled the plant two years ago, when disaster teams used hose pipes and pumps to try and cool the reactors.

Tepco Faces Decision to Dump Radioactive Water in Pacific Ocean  Tokyo Electric Power Co. via Bloomberg
Naomi Hirose, president of Tokyo Electric Power Co. (Tepco), center, and the company's employees, wearing protective suits and masks, inspect an underground water storage pit at the Fukushima Dai-Ichi plant in Fukushima, Japan in this handout photograph taken on April 10, 2013.

Naomi Hirose, president of Tokyo Electric Power Co. (Tepco), center, and the company's employees, wearing protective suits and masks, inspect an underground water storage pit at the Fukushima Dai-Ichi plant in Fukushima, Japan in this handout photograph taken on April 10, 2013. Source: Tokyo Electric Power Co. via Bloomberg.

While the company has since built a makeshift sealed cooling system, underground water is breaching basement walls at a rate of about 400 tons a day and becoming contaminated, according to Tepco’s estimate. With Japan’s rainy season approaching, contaminated water levels are likely to increase at the plant 220 kilometers (137 miles) northeast of Tokyo. 


Robotic Bees to Pollinate Monsanto Crops -

Robotic Bees to Pollinate Monsanto Crops - 

Maybe.  Russ McSpadden writes at Earth First! Newswire:

Pollinators participate in the sexual-reproduction of plants. When you eat an almond, beet, watermelon or sip on coffee, you’re partaking of an ancient relationship between pollinators and flowers. But since the 1990s, worldwide bee health has been in decline and most evidence points to toxic pesticides created by Shell and Bayer and the loss of genetic biodiversity due to the proliferation of GMO monocrops created in laboratories by biotech companies like Monsanto.

But never worry, those real life pollinators—the birds and the bees, as they say—may soon be irrelevant to the food needs of civilization. Harvard roboticists are developing a solution to the crisis: swarms of tiny robot bees made of titanium and plastic that can pollinate those vast dystopian fields of GMO cash crops.

The Harvard Microrobotics Lab has been working on its Micro Air Vehicles Project since early 2009. Borrowing from the biomechanics and social organization of bees, the team of researchers is undergoing the creation of tiny winged robots to fly from flower to flower, immune to the toxins dripping from petals, to spread pollen. They even believe that they will soon be able to program the robobees to live in an artificial hive, coordinate algorithms and communicate amongst themselves about methods of pollination and location of particular crops.

Of course, published reports from the lab also describe potential military uses—surveillance and mapping—but the dime-sized cyber-bees have yet to be outfitted with neurotoxin tipped stingers.


Hacker uses an Android to remotely attack and hijack an airplane -

Hacker uses an Android to remotely attack and hijack an airplane - 

The Hack in the Box (#HITB2013AMS) security conference in Amsterdam has a very interesting lineup of talks [pdf]. One that jumped out was the Aircraft Hacking: Practical Aero Series presented by Hugo Teso, a security consultant at n.runs in Germany. According to the abstract, “This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field. The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases. The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time, and a testing laboratory will be used to attack virtual airplanes systems.

While keeping an eye on Twitter #HITB2013AMS, greatly interesting tweets started to appear as hackers who attended were excited. I will add some of those throughout this article.

Before his presentation, Teso recommended that people should have a little background knowledge on aviation and aircraft systems to better understand what he was going to explain. Here’s a few important facts: Automated Dependent Surveillance-Broadcast (ADS-B) has no security as was pointed out at Def Con 20 shortly before a hacker was able to inject ghost planes into radar. It is unencrypted and unauthenticated. Teso said, “Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection.” The Aircraft Communications Addressing and Reporting System (ACARS) also has no security; it “is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite.” Although his talk did not focus on the vulnerabilities in those two protocols, he used them to find targets.

Anyone with the right tools and a little know-how can read and send these ACARS messages. Teso purchased hardware from eBay that provided “actual flight code software” for “training” such as Flight Management System made by Rockwell. He also needed a radio transmitter and explained about software radio systems before the talk. He audited real aircraft code, searching for vulnerabilities to exploit, but used a lab with virtual airplanes as opposed to hijacking an actual jet in flight. Hijacking a real plane during a flight was “too dangerous and unethical.”

Help Net Security was present at the demo and explained:

By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes "dance to his tune."

According to Teso’s presentation slides [pdf], the ACARS datalink allowed for “real-time data transmission” and all communications between planes and airports are sent unencrypted. Teso used ACARS to exploit and break into the airplane’s onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.

Once he was into the airplane’s computer, he was able to manipulate the steering of a Boeing jet while the aircraft was in “autopilot” mode. The only countermeasure available to pilots, if they even realized they were being hacked, would be to turn off autopilot. Yet many planes no longer have old analog instruments for manual flying. Teso said he could take control of most all airplane systems; he could even cause the plane to crash by setting it on a collision course with another plane. He could also give the passengers a serious adrenaline rush by making the oxygen masks drop down.

Teso used his Samsung Galaxy and a specially crafted app called PlaneSploit to demonstrate how to hack an airplane’s computer. (Thank you for tweeting the image @isa56k!) Crime Site also showed a quick clip of the hack. And no, PlaneSploit is not going to be available to the masses to hijack planes with their Android devices.

Read more -