Hacker demonstrates how to hijack an airplane using an Android app

Shawn Knight


A security consultant by the name of Hugo Teso claims he has created an Android app called PlaneSploit that would allow him to remotely attack and hijack commercial aircraft. He recently presented his findings at the Hack in the Box security conference in Amsterdam where, among other things, he exposed the fact that a number of aviation and aircraft systems have no security in place.

>> See our follow-up to this story: FAA shoots down hijacking demonstration via Android app

Teso, a trained commercial pilot for 12 years, reiterated that Automatic Dependent Surveillance-Broadcast (ADS-B) is unencrypted and unauthenticated, which can lead to passive attacks like eavesdropping or active attacks such as message jamming and injection. Furthermore, the Aircraft Communications Addressing and Reporting System (ACARS), a service used to send text-based messages between aircraft and ground stations, also has no security.

With these vulnerabilities in mind, he used virtual planes in a lab to demonstrate his ability to hijack a plane rather than attempting to take over a real flight as that was “too dangerous and unethical.” He used ACARS to gain access to the plane’s onboard computer system and uploaded Flight Management System data.

Once in, he demonstrated how it was possible to manipulate the steering of a Boeing jet while it was in autopilot mode. The security consultant said he could cause a crash by setting the aircraft on a collision course with another jet or even give passengers a scare by dropping down the emergency oxygen masks without warning.

A pilot could thwart an attack by taking the plane out of autopilot, although Teso pointed out that several newer systems no longer include manual controls. Some systems could be updated to patch the vulnerabilities, but many legacy systems would be difficult, if not impossible, to update.
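To make the ADS-B point above concrete, here is an added example (not code from the article or from Teso's talk) that parses one 112-bit ADS-B frame and runs its parity check. The field layout and CRC generator are the standard Mode S ones, the sample frame is a widely published test vector rather than captured traffic, and the function names are this example's own.

```python
import string

# Added example: fixed fields and parity check of one ADS-B (Mode S DF17) frame.
GENERATOR = 0x1FFF409                    # 25-bit Mode S CRC generator polynomial
SAMPLE = "8D406B902015A678D4D220AA4BDA"  # published test vector, not live traffic
# 6-bit callsign alphabet: A-Z at 1..26, space at 32, digits at 48..57.
CHARSET = ("#" + string.ascii_uppercase + "#" * 5 + " " + "#" * 15
           + string.digits + "#" * 6)


def crc_remainder(frame_hex: str) -> int:
    """Divide the whole frame by the generator; 0 means no bit errors."""
    nbits = len(frame_hex) * 4
    value = int(frame_hex, 16)
    for bit in range(nbits - 1, 23, -1):
        if (value >> bit) & 1:
            value ^= GENERATOR << (bit - 24)
    return value & 0xFFFFFF


def parse_frame(frame_hex: str) -> dict:
    """Split a 112-bit extended squitter into its fixed fields."""
    if len(frame_hex) != 28:
        raise ValueError("expected 112 bits (28 hex digits)")
    value = int(frame_hex, 16)
    me = (value >> 24) & ((1 << 56) - 1)          # 56-bit message payload
    fields = {
        "downlink_format": value >> 107,          # 5 bits, 17 for ADS-B
        "capability": (value >> 104) & 0x7,       # 3 bits
        "icao_address": f"{(value >> 80) & 0xFFFFFF:06X}",  # self-declared
        "type_code": me >> 51,                    # first 5 bits of payload
        "parity": f"{value & 0xFFFFFF:06X}",      # 24-bit CRC, no key involved
        "crc_ok": crc_remainder(frame_hex) == 0,
    }
    if 1 <= fields["type_code"] <= 4:             # identification message
        chars = [CHARSET[(me >> s) & 0x3F] for s in range(42, -1, -6)]
        fields["callsign"] = "".join(chars).strip()
    return fields


if __name__ == "__main__":
    for name, val in parse_frame(SAMPLE).items():
        print(f"{name:16} {val}")
```

Every one of the 112 bits is accounted for by these fields, and the only check is a keyless CRC: `crc_ok` tells a receiver the bits arrived intact, not who sent them. That is why receivers that need assurance cross-check ADS-B against independent sources such as radar or multilateration.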


 
And now I understand why they tell you to turn off your phone when flying!! I won't be flying anytime in the near future lol
 
And now I understand why they tell you to turn off your phone when flying!! I won't be flying anytime in the near future lol

Actually they tell you to turn off your phones because of the potential for unproven interruption with older flight equipment. Although it is largely a joke as it has been shown that the very pilots themselves keep their Tablets and Smartphones on to read flight plans and passengers rarely actually shut their phones off.
 
Newer systems no longer contain manual controls?

If that's referring to fly-by-wire instead of the older-style flight controls, that's still not something that could be taken over by someone with a computer or a phone. There's no way that someone outside the cockpit could actually take the control of flight away from two pilots sitting behind a yoke.
 
Wow that's scary. I bet the folks at TSA are gonna want to either confiscate your phone or "Inspect it"
 
I saw that mister, don't think I don't monitor you. I think you can kiss your job goodbye.
 
"There's no way that someone outside the cockpit could actually take the control of flight away from two pilots sitting behind a yoke."

If the controls are fly by wire, the yokes simply provide electronic (position sense) inputs to a flight control system. If that system has been hacked and the inputs bypassed, the pilots could flail around all they wanted, their actions will simply not be recognized.

 
And now I understand why they tell you to turn off your phone when flying!! I won't be flying anytime in the near future lol

Actually they tell you to turn off your phones because of the potential for unproven interruption with older flight equipment. Although it is largely a joke as it has been shown that the very pilots themselves keep their Tablets and Smartphones on to read flight plans and passengers rarely actually shut their phones off.

It's actually not a joke. My friend is a pilot with a large airline and he told me that you can tell when people try using their phones when they aren't supposed to. In the cockpit they will hear buzzing noises in their headphones.
 
Ignorance of the average individual about airplanes and technology in general.
  • The reason you turn off your equipment in flight is because while one or two phones may not interfere with electronics, 100 or 200 on at the same time could. Don't do it.
  • Flight controls and engine management systems have overrides and backups. Good (professional) pilots train to handle things when the equipment fails or malfunctions. It's why they are in the seat. A hacker might make the flight temporarily more interesting but nothing is going to "crash". It's why analog stuff is still there to back up all the displays and pretty colors.
  • Don't these "app developers" have anything better to do - like tagging water tanks in east Texas?
 
As much as I love tech.... Was anyone else bothered by the line that said, "A pilot could thwart an attack by taking the plane out of autopilot although he pointed out that several newer systems no longer include manual controls." Seriously, no manual controls. errr......
 
Actually, it is the volume of users on mobile and wireless devices that can cause interference. Singular use such as pilots has no effect. It is on the newer aircraft such as the Airbus later models that are more affected than the older Boeing versions. Airbus uses all radio signal controls for flaps, thrust, etc., while Boeing uses all hydraulic and hardwire configurations on their older models. Only the wireless planes would have any issues. Boeing today uses radio wireless formats on their planes, but backs up with hydraulics and hardwire as well.
Twenty five pilots on a tarmac will have no effect. Two thousand folks streaming and using wireless however will have an impact.
 
Hey, unjustified or not, if it gets people to STFU for the time I'm on a plane, fine by me. Now if only we could find a similar way to shut babies up....
 
The entire point of security conferences is to expose security flaws publicly and allow the companies a chance to close them. The alternative is that they find out about a flaw after it is exploited by a criminal or another person with bad intentions (or they ignore it until it becomes a problem).

Publicly announcing a problem like this forces organizations to admit that they have problems and repair them before there is an actual tragedy.
 
There is no way you can upload an FMS when it's in flight; there are provisions to prevent that for any electronics. I wouldn't worry so much.
 
I'm sure everyone also realizes this would give someone access of control from the ground. A cell phone anywhere on the plane is a potential risk and can be controlled remotely. The solution is to tighten security on the plane, not disabling cell phones which would be impossible.
 
How soon can we download this app from the app store?

Stuxnet for the Airbus anyone?
 
So you get your *** on a rocket and try to hack it while flying it, that's smart. Where did I see it though,...oh yeah, the coyote - that's what they should call the program!
 