Researcher shows how to hack (and crash) a passenger aircraft with an Android phone...

 

If you're nervous about flying, this won't allay your fears about hopping on a plane, so you might want to look away now. The Hack In The Box security conference taking place in Amsterdam this week has thrown up some interesting talks - but none so concerning as 'Aircraft Hacking: Practical Aero Series' by Hugo Teso.

Teso works as a security consultant at n.runs in Germany, and his Aircraft Hacking talk promised a practical demonstration of how to remotely attack and take full control of an aircraft. His talk was the product of three years of developing code and tinkering with second-hand flight system software and hardware. It comes a fortnight after the Federal Aviation Administration (FAA) have expressed hopes that they will be able to relax rules for reading devices during take-off and landing - and with this research, they may want to reconsider their position.

The results of Teso's hard work are terrifying. Firstly, the Automated Dependent Surveillance-Broadcast (ADS-B), which is a surveillance technology for tracking aircraft, has no security. The United States government will require all aircraft to be equipped with ADS-B by the year 2020 - however, the system has been proven to be unencrypted and unauthenticated. Teso's presentation stated that the attacks on this system "range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection)".

Secondly, the Aircraft Communications Addressing and Reporting System (ACARS) - which is used for exchanging messages between aircraft and stations via radio or satellite - also has no security. Teso pointed out that anyone with a little knowledge can read and send ACARS messages - and it may be as simple as purchasing some hardware from eBay.

Using a lab of virtual planes based on real aircraft codes, Teso gave a practical demonstration of how to use ACARS to upload Flight Management System (FMS) data. Once in, he was able to manipulate the steering of a Boeing jet in 'autopilot' mode, and said he could make oxygen masks drop down, and even cause the plane to crash by setting it on a collision course with another plane.

Teso explained to Forbes: "ACARS has no security at all. The plane has no means to know if the messages it receives are valid or not. So they accept them, and you can use them to upload data to the plane that triggers these vulnerabilities. And then it's game over."

The hijack was all carried out using Teso's code, SIMON, and a specially-made Android app called PlaneSploit (fortunately, it's not available for the masses) which enable the user to: change the plane's course; crash the plane; set lights flashing in the cockpit; activate something when the plane is in a certain area.

As well as ACARS and ADS-B having serious security failings, Teso also pointed out that lots of aircraft computers run outdated software which don't meet modern safety requirements.

Teso told Forbes: "You can use this system to modify approximately everything related to the navigation of the plane. That includes a lot of nasty things."

Although this makes for uncomfortable reading for those of us who love to jet off on holidays, rest assured that the Federal Aviation Administration and the European Aviation Safety Administration have been informed and are working to patch up these security flaws.

News
people

Actress sees off speculation about her appearance in an amazing way

Arts and Entertainment
Serge Pizzorno of Kasabian and Noel Fielding backstage at the Teenage Cancer Trust concerts
musicKasabian and Noel Fielding attack 'boring' musicians
News
videoWatch Lynda Bellingham's tragic final Loose Women appearance
Arts and Entertainment
The last great picture - Winner 'Black and White' and overall 'Wildlife Photographer of the Year'
art
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
News
people

News
i100
Arts and Entertainment
High notes, flat performance: Jake Bugg
music

Review: Despite an uphill climb to see Jake Bugg in action, his performance is notably flat

News
The Putin automaton will go on sale next month in Germany
videoMusical Putin toy showing him annexing Crimea could sell for millions
News
news

Powerful images of strays taken moments before being put down

News
i100
Arts and Entertainment
S Club 7 pose for Children in Need 2001
music
Arts and Entertainment
'Right Here' singer Jess Glynne is nominated for Best Newcomer at the MOBO Awards 2014
musicExclusive: Jess Glynne hits out at 'ridiculous' criticism of white artists nominated for Mobo Awards
Voices
'Irritatingly Disneyfied': fashion vlogger Zoella
voices

Arts and Entertainment
Russell Brand has written a book of political analysis called Revolution
books

Review: Witty banalities aside, the comedian has an authentic voice

Arts and Entertainment
Separated at birth? Frank Sivero (left) claims The Simpsons based Mafia character Louie on his Goodfellas character
arts + entsFrank Sivero sues Simpsons studio over allegedly basing mobster character on Frank Carbone
News
Carl Bernstein (left) and Bob Woodward (right) with former 'Washington Post' executive editor Ben Bradlee
people

The Washington Post editor helped Bob Woodward and Carl Bernstein bring down President Nixon

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Database Administrator

    £300 - £350 Per Day: Clearwater People Solutions Ltd: The role could involve w...

    Trainee Recruitment Consultant - SThree Group - Leeds

    £18000 - £23000 per annum + Uncapped Commission: SThree: SThree Group has been...

    Trainee Recruitment Consultant - SThree Group - Bristol

    £18000 - £23000 per annum + Uncapped Commission: SThree: SThree Group has been...

    Trainee Recruitment Consultant - Birmingham - Computer Futures

    £18000 - £23000 per annum + Commission: SThree: The SThree group is a world le...

    Day In a Page

    Indiana serial killer? Man arrested for murdering teenage prostitute confesses to six other murders - and police fear there could be many more

    A new American serial killer?

    Police fear man arrested for murder of teen prostitute could be responsible for killing spree dating back 20 years
    Sweetie, the fake 10-year-old girl designed to catch online predators, claims her first scalp

    Sting to trap paedophiles may not carry weight in UK courts

    Computer image of ‘Sweetie’ represented entrapment, experts say
    Fukushima nuclear crisis: Evacuees still stuck in cramped emergency housing three years on - and may never return home

    Return to Fukushima – a land they will never call home again

    Evacuees still stuck in cramped emergency housing three years on from nuclear disaster
    Wildlife Photographer of the Year: Intimate image of resting lions claims top prize

    Wildlife Photographer of the Year

    Intimate image of resting lions claims top prize
    Online petitions: Sign here to change the world

    Want to change the world? Just sign here

    The proliferation of online petitions allows us to register our protests at the touch of a button. But do they change anything?
    Ed Sheeran hits back after being labelled too boring to headline festivals

    'You need me, I don’t need you'

    Ed Sheeran hits back after being labelled too boring to headline festivals
    How to Get Away with Murder: Shonda Rhimes reinvents the legal drama

    How to Get Away with Murder

    Shonda Rhimes reinvents the legal drama
    A cup of tea is every worker's right

    Hard to swallow

    Three hospitals in Leicester have banned their staff from drinking tea and coffee in public areas. Christopher Hirst explains why he thinks that a cuppa is every worker's right
    Which animals are nearly extinct?

    Which animals are nearly extinct?

    Conservationists in Kenya are in mourning after the death of a white northern rhino, which has left the species with a single male. These are the other species on the brink
    12 best children's shoes

    Perfect for leaf-kicking: 12 best children's shoes

    Find footwear perfect to keep kids' feet protected this autumn
    Anderlecht vs Arsenal: Gunners' ray of light Aaron Ramsey shines again

    Arsenal’s ray of light ready to shine again

    Aaron Ramsey’s injury record has prompted a club investigation. For now, the midfielder is just happy to be fit to face Anderlecht in the Champions League
    Comment: David Moyes' show of sensitivity thrown back in his face by former Manchester United manager Sir Alex Ferguson

    Moyes’ show of sensitivity thrown back in his face... by Ferguson

    Manchester United legend tramples on successor who resisted criticising his inheritance
    Two super-sized ships have cruised into British waters, but how big can these behemoths get?

    Super-sized ships: How big can they get?

    Two of the largest vessels in the world cruised into UK waters last week
    British doctors on brink of 'cure' for paralysis with spinal cord treatment

    British doctors on brink of cure for paralysis

    Sufferers can now be offered the possibility of cure thanks to a revolutionary implant of regenerative cells
    Ranked seventh in world’s best tourist cities - not London, or Edinburgh, but Salisbury

    Lonely Planet’s Best in Travel 2015

    UK city beats Vienna, Paris and New York to be ranked seventh in world’s best tourist destinations - but it's not London