Researcher demonstrates Android app that could hack airplanes

Share this article:
Researcher demonstrates Android app that could hack airplanes
Researcher demonstrates Android app that could hack airplanes
A German security researcher demonstrated Thursday how to take total control of airliners with the help of an Android application that takes advantage of open and insecure air traffic communications systems.

Hugo Teso, security researcher at German security firm N.Runs, spent three years to create an exploit code framework called SIMON and built the "PlaneSploit" Android app with which he could remotely attack flight management systems on airplanes, with no physical access required.

Once in control, an attacker can alter the course of a plane, set off warning lights and alarms and also crash it.

Teso, a former commercial pilot, demonstrated the hijack on virtual airplanes at the 2013 Hack In The Box security conference in Amsterdam and was able to control their movements in air.

Using the accelerometer in his Android device to move the plane around, one of his scenarios simulated an intoxicated pilot flying over the German capital of Berlin.

According to Teso, the remote hijack is possible thanks to the Automatic Dependent Surveillance-Broadcast, or ADS-B, protocol, which sends aircraft data, such as identity, position and altitude, from on-board transmitters to air traffic controllers.

A second protocol, the Aircraft Communications Addressing and Reporting System (ACARS) – used to deliver messages between aircraft and controllers over radio and satellite – is also open and insecure, Teso found.

By using ADS-B to pick the airliner he wanted to attack and ACARS to identify the type of computer aboard the plane, Teso was able to craft malicious messages that could be used to control the plane with the help of the SIMON framework implanted in the flight management system.

Teso deliberately coded the SIMON malware so that it only works on virtual aircraft and cannot be used on real ones.

However, Teso added that the framework is nearly impossible to detect once deployed in the flight management system and it can be used to upload flight plans, issue specific commands and more.

The researcher also said that the attack only works while the plane is on auto-pilot, not while it is under manual control.

This story originally appeared on SCMagazine.com.au.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.