Researcher shows how to hack (and crash) a passenger aircraft with an Android phone...

 

If you're nervous about flying, this won't allay your fears about hopping on a plane, so you might want to look away now. The Hack In The Box security conference taking place in Amsterdam this week has thrown up some interesting talks - but none so concerning as 'Aircraft Hacking: Practical Aero Series' by Hugo Teso.

Teso works as a security consultant at n.runs in Germany, and his Aircraft Hacking talk promised a practical demonstration of how to remotely attack and take full control of an aircraft. His talk was the product of three years of developing code and tinkering with second-hand flight system software and hardware. It comes a fortnight after the Federal Aviation Administration (FAA) have expressed hopes that they will be able to relax rules for reading devices during take-off and landing - and with this research, they may want to reconsider their position.

The results of Teso's hard work are terrifying. Firstly, the Automated Dependent Surveillance-Broadcast (ADS-B), which is a surveillance technology for tracking aircraft, has no security. The United States government will require all aircraft to be equipped with ADS-B by the year 2020 - however, the system has been proven to be unencrypted and unauthenticated. Teso's presentation stated that the attacks on this system "range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection)".

Secondly, the Aircraft Communications Addressing and Reporting System (ACARS) - which is used for exchanging messages between aircraft and stations via radio or satellite - also has no security. Teso pointed out that anyone with a little knowledge can read and send ACARS messages - and it may be as simple as purchasing some hardware from eBay.

Using a lab of virtual planes based on real aircraft codes, Teso gave a practical demonstration of how to use ACARS to upload Flight Management System (FMS) data. Once in, he was able to manipulate the steering of a Boeing jet in 'autopilot' mode, and said he could make oxygen masks drop down, and even cause the plane to crash by setting it on a collision course with another plane.

Teso explained to Forbes: "ACARS has no security at all. The plane has no means to know if the messages it receives are valid or not. So they accept them, and you can use them to upload data to the plane that triggers these vulnerabilities. And then it's game over."

The hijack was all carried out using Teso's code, SIMON, and a specially-made Android app called PlaneSploit (fortunately, it's not available for the masses) which enable the user to: change the plane's course; crash the plane; set lights flashing in the cockpit; activate something when the plane is in a certain area.

As well as ACARS and ADS-B having serious security failings, Teso also pointed out that lots of aircraft computers run outdated software which don't meet modern safety requirements.

Teso told Forbes: "You can use this system to modify approximately everything related to the navigation of the plane. That includes a lot of nasty things."

Although this makes for uncomfortable reading for those of us who love to jet off on holidays, rest assured that the Federal Aviation Administration and the European Aviation Safety Administration have been informed and are working to patch up these security flaws.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Arts and Entertainment
Larry David and Rosie Perez in ‘Fish in the Dark’
theatreReview: Had Fish in the Dark been penned by a civilian it would have barely got a reading, let alone £10m advance sales
News
Details of the self-cleaning coating were published last night in the journal Science
science
News
Approved Food sell products past their sell-by dates at discounted prices
i100
News
Life-changing: Simone de Beauvoir in 1947, two years before she wrote 'The Second Sex', credited as the starting point of second wave feminism
peopleHer seminal feminist polemic, The Second Sex, has been published in short-form to mark International Women's Day
News
i100
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Digital Marketing Executive

    £18000 - £20000 per annum: Recruitment Genius: A Digital Marketing Executive i...

    Ashdown Group: Senior VMware Platform Engineer - VMware / SAN / Tier3 DC

    £45000 - £55000 per annum + benefits: Ashdown Group: Senior VMware Platform En...

    Ashdown Group: Automated Tester / Test Analyst - .Net / SQL - Cheshire

    £32000 per annum + pension, healthcare & 23 days holiday: Ashdown Group: A gro...

    Ashdown Group: Application Developer - C#.Net, ASP.Net - Cambridgeshire

    Negotiable: Ashdown Group: Software Application Developer (C# & ASP.Net, SQL S...

    Day In a Page

    Homeless Veterans campaign: Donations hit record-breaking £1m target after £300,000 gift from Lloyds Bank

    Homeless Veterans campaign

    Donations hit record-breaking £1m target after huge gift from Lloyds Bank
    Flight MH370 a year on: Lost without a trace – but the search goes on

    Lost without a trace

    But, a year on, the search continues for Flight MH370
    Germany's spymasters left red-faced after thieves break into brand new secret service HQ and steal taps

    Germany's spy HQ springs a leak

    Thieves break into new €1.5bn complex... to steal taps
    International Women's Day 2015: Celebrating the whirlwind wit of Simone de Beauvoir

    Whirlwind wit of Simone de Beauvoir

    Simone de Beauvoir's seminal feminist polemic, 'The Second Sex', has been published in short-form for International Women's Day
    Mark Zuckerberg’s hiring policy might suit him – but it wouldn’t work for me

    Mark Zuckerberg’s hiring policy might suit him – but it wouldn’t work for me

    Why would I want to employ someone I’d be happy to have as my boss, asks Simon Kelner
    Confessions of a planespotter: With three Britons under arrest in the UAE, the perils have never been more apparent

    Confessions of a planespotter

    With three Britons under arrest in the UAE, the perils have never been more apparent. Sam Masters explains the appeal
    Russia's gulag museum 'makes no mention' of Stalin's atrocities

    Russia's gulag museum

    Ministry of Culture-run site 'makes no mention' of Stalin's atrocities
    The big fresh food con: Alarming truth behind the chocolate muffin that won't decay

    The big fresh food con

    Joanna Blythman reveals the alarming truth behind the chocolate muffin that won't decay
    Virginia Ironside was my landlady: What is it like to live with an agony aunt on call 24/7?

    Virginia Ironside was my landlady

    Tim Willis reveals what it's like to live with an agony aunt on call 24/7
    Paris Fashion Week 2015: The wit and wisdom of Manish Arora's exercise in high camp

    Paris Fashion Week 2015

    The wit and wisdom of Manish Arora's exercise in high camp
    8 best workout DVDs

    8 best workout DVDs

    If your 'New Year new you' regime hasn’t lasted beyond February, why not try working out from home?
    Paul Scholes column: I don't believe Jonny Evans was spitting at Papiss Cissé. It was a reflex. But what the Newcastle striker did next was horrible

    Paul Scholes column

    I don't believe Evans was spitting at Cissé. It was a reflex. But what the Newcastle striker did next was horrible
    Miguel Layun interview: From the Azteca to Vicarage Road with a million followers

    From the Azteca to Vicarage Road with a million followers

    Miguel Layun is a star in Mexico where he was criticised for leaving to join Watford. But he says he sees the bigger picture
    Frank Warren column: Amir Khan ready to meet winner of Floyd Mayweather v Manny Pacquiao

    Khan ready to meet winner of Mayweather v Pacquiao

    The Bolton fighter is unlikely to take on Kell Brook with two superstar opponents on the horizon, says Frank Warren
    War with Isis: Iraq's government fights to win back Tikrit from militants - but then what?

    Baghdad fights to win back Tikrit from Isis – but then what?

    Patrick Cockburn reports from Kirkuk on a conflict which sectarianism has made intractable