Airplanes can be hijacked using an Android smartphone, security consultant and trained commercial pilot Hugo Teso told an audience at the Hack in the Box conference in Germany on Wednesday.
Teso, who works for N.runs, created an exploit framework he calls “SIMON,” and crafted an Android app he named “PlaneSploit” that delivers attack messages to an aircraft’s flight management system (FMS).
He gathered data from the Automatic Dependent Surveillance-Broadcast (ADS-B) technology used for tracking aircraft in flight. Teso also leveraged the Aircraft Communications Addressing and Reporting System (ACARS), a digital datalink system for transmitting short, simple messages between aircraft and ground stations by radio or satellite.
“We do need to treat airlines and airline control like any other secure transmission system and give it a much needed upgrade,” Ken Pickering, development manager, security intelligence at CORE Security, told TechNewsWorld. “Most of this airline technology is pretty old, and I doubt it’s anywhere near as secure as it needs to be.”
Modern aircraft are more susceptible to hacking than older ones, said Richard Westmoreland, Level III Security Analyst at SilverSky. On the newer Boeing 787, for example, the control systems and the media content for passengers were put on the same network in 2008, and one of the computer chips used in the system has a built-in backdoor that was easy to find and exploit.
Teso acquired aircraft hardware and software from various suppliers, including vendors of simulation tools that use actual aircraft code, and from eBay. The latter supplied him with an FMS and an ACARS aircraft management unit, both made by Honeywell.
He then reportedly created virtual aircraft and set up a station to send them specially crafted ACARS messages in order to exploit vulnerabilities in their FMSes. The FMS automates various in-flight tasks, including management of the flight plan. It uses various sensors, including GPS, to determine an aircraft’s position and guide it along its flight plan path.
Teso apparently used ADS-B to identify potential targets and gather basic information about them from Flightradar24.com, a site that lets users track live flights in real time. Several similar sites exist, Teso said, and a quick Web search turned up FlightAware, FlightView, and Planefinder. All three offer mobile flight tracking apps.
ACARS provided Teso more information about potential targets. Combining this information with other open source data makes it possible to determine quite accurately what model of FMS a particular aircraft is using, he reportedly said.
Once it’s known which version of FMS a particular aircraft is using, attackers can build their own software-defined radio systems, or hack into the systems of ground service providers and send rogue ACARS messages to the target plane. However, doing so would alert the authorities.
Teso then created SIMON to run on a compromised FMS that could be used to make flight plan changes or execute commands remotely. The PlaneSploit app automates the entire attack process.
SIMON reportedly runs only on the x86 architecture and cannot be used against the FMSes on real aircraft, which use different architectures.
However, that’s no consolation for either the airlines or their passengers. “Since he was able to show a working proof of concept, there is a chance somebody else has already created a similar attack toolset,” Westmoreland told TechNewsWorld.
“This is quite a serious security flaw, particularly given that the attacker can conduct exploit activities from the ground,” Joe Bonnell, CEO of Alchemy Security, told TechNewsWorld. It will require a revision of ACARS to introduce encryption into wireless communications between aircraft and service providers.
However, the possibility of such an attack has nothing to do with why passengers are required to turn off wireless and mobile devices during takeoff and landing. That’s to reduce possible electromagnetic interference with sensitive systems, Westmoreland said.