A1 Original article in a scientific journal
On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication (2022)


Juvonen, A., Costin, A., Turtiainen, H., & Hämäläinen, T. (2022). On Apache Log4j2 Exploitation in Aeronautical, Maritime, and Aerospace Communication. IEEE Access, 10, 86542-86557. https://doi.org/10.1109/ACCESS.2022.3198947


JYU authors or editors


Publication details

All authors or editors: Juvonen, Artturi; Costin, Andrei; Turtiainen, Hannu; Hämäläinen, Timo

Journal or series: IEEE Access

eISSN: 2169-3536

Publication year: 2022

Publication date: 16.08.2022

Volume: 10

Article page numbers: 86542-86557

Publisher: Institute of Electrical and Electronics Engineers (IEEE)

Publication country: United States (USA)

Publication language: English

DOI: https://doi.org/10.1109/ACCESS.2022.3198947

Open access of the publication: Openly available

Open access of the publication channel: Fully open access publication channel

Publication is self-archived (JYX): https://jyx.jyu.fi/handle/123456789/84864


Abstract

Apache Log4j2 is a prevalent logging library for Java-based applications. In December 2021, several critical and high-impact software vulnerabilities, including CVE-2021-44228, were publicly disclosed, enabling remote code execution (RCE) and denial of service (DoS) attacks. To date, these vulnerabilities are considered critical and the consequences of their disclosure far-reaching. The vulnerabilities potentially affect a wide range of internet of things (IoT) devices, embedded devices, critical infrastructure (CI), and cyber-physical systems (CPSs). In this paper, we study the effects and feasibility of exploiting these vulnerabilities in mission-critical aviation and maritime environments using the ACARS, ADS-B, and AIS protocols. We develop a systematic methodology and an experimental setup to study and identify the protocols’ exploitable fields and associated attack payload features. For our experiments, we employ software-defined radios (SDRs), use open-source software, develop novel tools, and develop features to existing software. We evaluate the feasibility of the attacks and demonstrate end-to-end RCE with all three studied protocols. We demonstrate that the aviation and maritime environments are susceptible to the exploitation of the Log4j2 vulnerabilities, and that the attacks are feasible for non-sophisticated attackers. To facilitate further studies related to Log4j2 attacks on aerospace, aviation, and maritime infrastructures, we release relevant artifacts (e.g., software, documentation, and scripts) as open-source, complemented by patches for bugs in open-source software used in this study.


YSO keywords: cyber security; wireless data transmission; wireless communication; maritime traffic; air traffic; air navigation services; communications satellites; vulnerability; cyber attacks; Apache; Java

Free keywords: CVE-2021-44228; log4j; log4shell; vulnerability; exploitation; experimentation; proof-of-concept; aviation; avionics; ACARS; ADS-B; maritime; AIS; aerospace; satellite


Related organizations


OKM reporting: Yes

Reporting year: 2022

JUFO level: 2


Last updated 2024-22-04 at 21:21