Published On: Mon, Apr 15th, 2013

Revealed: It’s possible to hack and hijack an entire aircraft using an Android smartphone

It’s possible to hack and hijack an entire aircraft using an Android smartphone

Ever wondered why we are made to switch off our phones and laptops on airlines. It’s possible to interfere with the aircraft communications systems and worst still hack and hijak an entire aircraft using an Android smartphone.

Hugo Teso a commercial airline pilot turned computer security consultant explained to the Hack In The Box security conference audience how it’s been possible to develop tools which can run on a phone and be used to hack aircraft from the comfort of a window seat.

Taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the worrying ability to take complete control of aircrafts by making virtual planes “dance to his tune.”

The two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communications Addressing and Reporting System (ACARS).

Automatic Dependent Surveillance-Broadcast (ADS-B) sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers. It  also allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently on air within their vicinity.

Aircraft Communications Addressing and Reporting System (ACARS) is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.

It is possible to gain information about the aircraft on-board computer, and deliver spoofed malicious messages that affect the behavior of the aircraft by exploiting these vulnerabilities.

Hugo Teso’s Android app called PlaneSploit can change the intended destination, flashing interior lights to, wait for it…….,  crashing the plane — though it’s not clear quite how well they’d work in practice.

Good news, Hugo Teso has not shared these vulnerabilities details. He is already working with the industry to correct these security issues.

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



* Your Email:
   First Name:
   Last Name: