Hugo Teso, security researcher at German security firm N.Runs, spent three years to create an exploit code framework called SIMON and built the "PlaneSploit" Android app with which he could remotely attack flight management systems on airplanes, with no physical access required.
Once in control, an attacker can alter the course of a plane, set off warning lights and alarms and also crash it.
Teso, a former commercial pilot, demonstrated the hijack on virtual airplanes at the 2013 Hack In The Box security conference in Amsterdam and was able to control their movements in air.
Using the accelerometer in his Android device to move the plane around, one of his scenarios simulated an intoxicated pilot flying over the German capital of Berlin.
According to Teso, the remote hijack is possible thanks to the Automatic Dependent Surveillance-Broadcast, or ADS-B, protocol, which sends aircraft data, such as identity, position and altitude, from on-board transmitters to air traffic controllers.
A second protocol, the Aircraft Communications Addressing and Reporting System (ACARS) – used to deliver messages between aircraft and controllers over radio and satellite – is also open and insecure, Teso found.
By using ADS-B to pick the airliner he wanted to attack and ACARS to identify the type of computer aboard the plane, Teso was able to craft malicious messages that could be used to control the plane with the help of the SIMON framework implanted in the flight management system.
Teso deliberately coded the SIMON malware so that it only works on virtual aircraft and cannot be used on real ones.
However, Teso added that the framework is nearly impossible to detect once deployed in the flight management system and it can be used to upload flight plans, issue specific commands and more.
The researcher also said that the attack only works while the plane is on auto-pilot, not while it is under manual control.
This story originally appeared on SCMagazine.com.au.