Researcher shows how to hack (and crash) a passenger aircraft with an Android phone...

 

If you're nervous about flying, this won't allay your fears about hopping on a plane, so you might want to look away now. The Hack In The Box security conference taking place in Amsterdam this week has thrown up some interesting talks - but none so concerning as 'Aircraft Hacking: Practical Aero Series' by Hugo Teso.

Teso works as a security consultant at n.runs in Germany, and his Aircraft Hacking talk promised a practical demonstration of how to remotely attack and take full control of an aircraft. His talk was the product of three years of developing code and tinkering with second-hand flight system software and hardware. It comes a fortnight after the Federal Aviation Administration (FAA) expressed hopes that it would be able to relax rules for reading devices during take-off and landing - and with this research, it may want to reconsider its position.

The results of Teso's hard work are terrifying. Firstly, the Automated Dependent Surveillance-Broadcast (ADS-B), which is a surveillance technology for tracking aircraft, has no security. The United States government will require all aircraft to be equipped with ADS-B by the year 2020 - however, the system has been proven to be unencrypted and unauthenticated. Teso's presentation stated that the attacks on this system "range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection)".

Secondly, the Aircraft Communications Addressing and Reporting System (ACARS) - which is used for exchanging messages between aircraft and stations via radio or satellite - also has no security. Teso pointed out that anyone with a little knowledge can read and send ACARS messages - and it may be as simple as purchasing some hardware from eBay.

Using a lab of virtual planes based on real aircraft codes, Teso gave a practical demonstration of how to use ACARS to upload Flight Management System (FMS) data. Once in, he was able to manipulate the steering of a Boeing jet in 'autopilot' mode, and said he could make oxygen masks drop down, and even cause the plane to crash by setting it on a collision course with another plane.

Teso explained to Forbes: "ACARS has no security at all. The plane has no means to know if the messages it receives are valid or not. So they accept them, and you can use them to upload data to the plane that triggers these vulnerabilities. And then it's game over."

The hijack was all carried out using Teso's code, SIMON, and a specially-made Android app called PlaneSploit (fortunately, it's not available for the masses) which enable the user to: change the plane's course; crash the plane; set lights flashing in the cockpit; activate something when the plane is in a certain area.

As well as ACARS and ADS-B having serious security failings, Teso also pointed out that lots of aircraft computers run outdated software which doesn't meet modern safety requirements.

Teso told Forbes: "You can use this system to modify approximately everything related to the navigation of the plane. That includes a lot of nasty things."

Although this makes for uncomfortable reading for those of us who love to jet off on holidays, rest assured that the Federal Aviation Administration and the European Aviation Safety Administration have been informed and are working to patch up these security flaws.
