Hijack an airplane with a phone? Security specialist says it can be done.

German security analyst Hugo Teso has found vulnerabilities in flight system software and hardware.

Reuters
Could you hack a plane's software with an Android phone? Maybe, says one security specialist. Here, a Czech Airlines Airbus A319 takes off in Prague's Vaclav Havel Airport, on April 8, 2013.

In a presentation this week at Hack in the Box, an annual security summit in Amsterdam, German analyst Hugo Teso showed off an Android app called PlaneSploit, which Teso says could be used to override the computer controls on a commercial airliner. With PlaneSploit and SIMON, a homemade attack code, "I can influence the guidance and navigation of the aircraft," Mr. Teso later said in an interview with the BBC.

Couple things to note here. First of all, Teso isn't a criminal (although as the BBC notes, aviation agencies in the US and Europe are extremely interested in chatting with him). Instead, he's a security specialist, who has spent several years experimenting with flight system hardware and software (purchased in most cases on eBay), with the purpose of understanding how it might be exploited – and how those exploits might be prevented.

He has said he will share all findings with the proper authorities.

In addition, both on his blog and in the presentation at Hack in the Box, Teso has been careful not to reveal too much about his findings. 

"As you can understand this is a very sensitive study," Teso wrote on his blog, "so I will not release exploits or vulnerabilities that can be used against aircraft irresponsibly. That is not the goal of this series. [I]t is intended to illustrate the process to study an unusual system, display the status of its safety and learn as much as possible in the process." 

In his tests, Teso used hardware and software from aeronautics suppliers such as Honeywell, Thales, and Rockwell Collins. But in a statement given to Information Week, a spokesman for Honeywell said Teso may have used a different version of the flight-management software, or FMS, than is found in commercial airliners. 

"If we talk very generically – not just about Honeywell software – PC FMS software is normally available as an online pilot training aid," the spokesman said. "In other words, what Teso did was hack a PC-based training version of FMS that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft."
