Feeds

Researcher hacks aircraft controls with Android smartphone

This may give the TSA some ideas

SANS - Survey on application security programs

A presentation at the Hack In The Box security summit in Amsterdam has demonstrated that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, spent three years developing the code, buying second-hand commercial flight system software and hardware online and finding vulnerabilities within it. His presentation will cause a few sleepless nights among those with an interest in aircraft security.

Teso's attack code, dubbed SIMON, along with an Android app called PlaneSploit, can take full control of flight systems and the pilot's displays. The hacked aircraft could even be controlled using a smartphone's accelerometer to vary its course and speed by moving the handset about.

"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."

First, Teso looked at the Automatic Dependent Surveillance-Broadcast (ADS-B) system that updates ground controllers on an aircraft's position over a 1Mb/s data link. This has no security at all, he found, and could be used to passively eavesdrop on an aircraft's communications and also actively interrupt broadcasts or feed in misinformation.

Also vulnerable is the Aircraft Communications Addressing and Reporting System (ACARS), the communication relay used between pilots and ground controllers. Using a Samsung Galaxy handset, he demonstrated how to use ACARS to redirect an aircraft's navigation systems to different map coordinates.

"ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," he said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."

Teso was also able to use flaws in ACARS to insert code into a virtual aircraft's Flight Management System. By running the code between the aircraft's computer unit and the pilot's display he was able to take control of what the aircrew would be seeing in the cockpit and change the direction, altitude, and speed of the compromised craft.

He admitted that some of this was moot, given that the human pilot could always override the automatic systems, but the software could be used to make cockpit displays go haywire or control other functions, like deploying oxygen masks or lights.

The precise nature of the code flaws wasn't released – for understandable reasons – but Teso says the Federal Aviation Administration and the European Aviation Safety Administration have both been informed and are working on fixing the issue. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.