Sunday, July 26, 2015

Teso: "I will not stop investigating aviation security"

Hugo Teso, security consultant specializing in aviation.

Foto: Elisa Coello Rueda
I do not know in person Hugo Teso, but I feel great tenderness for him. Possibly his intellectual courage has something to do. It has not gone to college. He came to selectivity, was licensed commercial pilot and from there he has climbed the world's elite of cybersecurity: thus, has become the first consultant who advised the incredible fragility of aeronautical communications systems. The breakthrough came when, in The Box Hacking Conference in Amsterdam, Hugo showed how from a mobile phone he could hack a plane.

Just turned 33, an age really significant. In Berlin he works for a renowned Finnish company F-Secure, which just bought the Danish company that employed him. The great Hugo Teso born in Barcelona but the reader will agree with me that such a large talent needs expansion. In his Linkedin he says his work is "computer consultant". He makes it clear that behind that nondescript name hides a fun: testing the safety of all types of systems, from web pages or apps to airplanes and cars.

Foto: Elisa Coello Rueda
What does a guy like you playing to hack airplanes?

"No aircraft has been damaged in the course of these investigations." After so many years playing with the same systems, when I finally noticed the aircraft and saw it was something new there was no turning back. Novelty, challenge, and gathering my two passions was too much temptation! Then there was, and still is not great documentation or resources on which to rely so for someone who was already tired of always doing the same, it was like discovering a new unexplored world.

After you showed an Android app to theoretically hack airplanes, you had appearances on CNN, BBC, Spiegel, CBS, Forbes ... Did this provide something?

Yes. It took time and is a process that is still running, but you can not claim that an industry like aviation addresses important changes overnight. It is not tasteful dish, at least for me, to suffer all this media attention, but back then it was a necessary evil.It had an important message to deliver and it was impossible to do so responsibly for more private channels so I decided to use the media to do that job for me. And it worked.

Why is heaven calling you?

Well, I could not tell if the sky are calling me or the earth is repelling me :-P I could try to explain why, invoking some romanticism about the feeling of freedom when flying and that sort of things; but the only truth is that until you do not try, you can not explain ;)

You announced that you would cease to investigate airplanes ...

Misunderstanding alert! I will not stop investigating aviation security, even as a joke! My purpose is to stop giving lectures exposing the flaws that I found. On the one hand because it is no longer necessary to go to a conference to spread the message that aviation has to to smarten up on security, that message is sent and received. Secondly because now, thanks to my talks, I have better channels to report these failures directly to affected companies or agencies.

Foto: Elisa Coello Rueda
Why did you get into the world of computing?

Are you really making me such a classic question? I expected more from you ;) I did not get in anywhere, mind you; I lived quietly as any happy child, until one day a computer appeared in my life (it will always be grateful to my grandfather) and after that ... everything is blurry. The idea was to work on pilot but that could not be, so I had to adapt.

How does a self taught comes to computer security?

I always learned more on my own, until 48bit was created. At first I learned and practiced alone; not antisocial, rather because there was no one around me with similar hobbies. Once 48bit was born, I joined elements with the same psychological problems as me, or worse, and we went into a downward spiral from which we have not yet come :-D Joking aside (or not) in 48bit is where most II learned from very good people, and a lot!

According to LinkedIn, the job you have lasted the most, it has been for two years. Are you the hackers like that.

If you mean "demanding", that is. Sometimes your boss congratulates you for your good performance, and he announces he will promote you, with more responsabilities but keeping your basic salary. Sometimes, someone directly says that you need no earnings to live with. I disagree.

But it's not always a matter of money. catch it. There is also the day when someone asks you to fake your investigation results because they would trouble the client, like some alergy to red ink on reports. OK: I say no.  I don't aspire to be rich, I've got my principles and minimum requirements that I won't break.

Foto: Elisa Coello Rueda
Instead, you take eight years engaged in aviation security. Are you the hackers, again, like that?

Really I would not know to tell you how the hackers  are, but if I found some loving field, I won't stop until I control it. And in aviation world, it would take a whole life. Aviation, just like all the other new technologies, evolves a lot and fast, so it will not bore me early. Now I have a lot more knowledge, contacts and resources than when I got started, so my head will stay "in the clouds" for a while.

Cybersecurity is becoming more and more violent. ¿How to bring back harmony in computing?

Maybe... changing human nature? I don't believe that behind violence is the way cybersecurity is going on. Just like any theater of war, there are contenders, goals, resources and motivation. There was a time when you only find webpages from some geek people. There was no matter because there was nothing to fight for. Then companies and governments arrived and decided to connect everything to Internet, so there is the motivation for any conflict. So you decide: to erase the motivation and shut off any potential objective among infrastructures and systems, or to change human nature for nobody wanting to attack anyone. The first one is not going to happen, and the second one is so naive.


Texto: Mercè Molist

0 comments:

Post a Comment