Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack-the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.
Introduces the reader briefly to managed code environments and rootkits in general
Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
“It is late fall 2025; Al Qaeda sleeper cells target the disruption of airline traffic into multiple East coast airports during the busy travel season from Thanksgiving through Christmas. ADS-B IN/OUT has been fully implemented by the FAA; all commercial airlines have invested heavily to comply with the mandate. Oil prices are at an all time high and flights are carrying minimal fuel loads to save money and offset the cost of avionics.
The goal: force multiple airplanes to divert; pilots, FAA controllers and passengers to lose faith in the system; and possibly cause enough chaos to the NAS system that a few lives are lost.
The plan: exploit the U.S. dependency on ADS-B IN/OUT and GPS for arrivals into busy airports, especially during low visibility conditions.
The teams: five two man teams have been put into play for the mission. They are provided with all the commercially available technology they will need, along with a few modified laptop computers, antennas and transmitters.
The targets: Regan National, Dulles, La Guardia, JFK and Philadelphia International airports. The terrorists have been tasked to park minivans with computers containing modified software that are coupled to ADS-B OUT transmitters. The software is designed to be remotely activated and controlled over an Internet connection. Each computer is programmed specifically for the targeted airport, and transmits 978MHz and 1090MHz signals out a boosted transmitter.
As a result, airlines on final approach will receive false targets on their displays. The terrorists ghost target injects also propagate to the FAA controller’s screens. The terrorists intended these spoofed targets, programmed at conflicting arrival and departure corridors as well as in runway incursion situations, to cause multiple airports to become temporarily unusable. The resulting domino effect causes aircraft diversions and delays that will lead to chaos.”