Hacker Hijacker

Image

On Wednesday, Hugo Teso, a security researcher for a German consultancy company named N. Runs spoke at the “Hack In The Box” security conference in Amsterdam. In his presentation, he demonstrated how he could use his Android smart phone in order to hijack an airplane. With the use of the Android, he would be able to control the steering of the plane without even being in the aircraft itself. It is a protocol, called Aircraft Communications Addressing and Report System (ACARS), that is used to deliver data to the aircrafts that makes them vulnerable to this type of security breach.

Image

Teso exploited the flaws of the protocol, maintaining that he could control the actions and directions of the plane with a few simple taps of his finger on his Droid. The program that would allow him to do this is an App he designed, named “Planesploit”. The App allows the user to communicate with the planes Flight Management Systems (FMS), thus giving them control over the aircraft. In an interview with Forbes, Teso is quoted as claiming “You can use this system to modify approximately everything related to the navigation of the plane… That includes a lot of nasty things.”

Image

ACARS major problem is that they do not have any sort of protection or security software that allows a plane to distinguish between what is coming from authorized plane sources, and what is coming from other, unofficial sources. Teso demonstrated, with a digital plane simulation, how he would be able to hijack the plane using his Droid. However, there are some that do not believe that what he is claiming is entirely true, such as the Federal Aviation Administration. After hearing about Teso’s presentation, the FAA stated:

“[Teso’s technique] does not pose a flight safety concern because it does not work on certified flight hardware… The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot…Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”

Teso confirmed that indeed the pilot might be able to override anything that the app is used to do on board, but that does not mean that there are not other things that one could do to throw off the pilot. The software would allow people to do things such as set off lights on the panel of the plane, and make the emergency air masks drop.

Personally, I was shocked by this article and that Teso even thought to make this type of technology in the first place. Why make an App that allows people to gain partial control of an aircraft. To me, the App was a foolish idea to begin with, because who, other than people looking to do harm, is going to want that App? Why even make that type of power available, especially when the only requirement to gaining access to it is owning a smart phone, which nowadays is extremely common to have. Even though Teso’s claims may not be 100% accurate, they did manage to expose flaws in aircraft control security, which should be corrected immediately, especially in a time where people are already scared to fly because of the physical threat of terrorists, let alone the electronic threat.

For more tech updates, follow me on twitter! @shawnmcniff

 

link to original article: http://www.theage.com.au/technology/technology-news/hijacking-planes-with-an-android-phone-20130412-2hp59.html

Advertisements

4 thoughts on “Hacker Hijacker

  1. I am very shocked that planes are so easy to hack into and that the safety of many people’s lives are in the hands of an app. I really like your blog it was interesting and gave a good summary of the article. I also liked how you embedded a quote into the blog. Although I am shocked that Teso would make an app like this, I am glad he did it before someone who may be an enemy of the United States created it first. Since he announced it at a conference, the FAA is able to prevent the problem before it gets out of hand. If Teso had discretely made the App and then used it on a plane many lives would be in danger. It’s just like how the guest speaker we had on thursday gave the example of the gambling website. Instead of giving the hackers money and control, the gambling site invested in security and were able to prevent problems in the future. Now the FAA will be able to address the problem before it becomes a danger to people’s safety. I think this also address another problem. Since android apps are not regulated anybody can make an app and put it on the app store, which means Teso’s app is available for anyone. I wonder if now, android will put more regulations on their app store to prevent hacking apps like these.

  2. I thought this was a great blog post, and I was pretty surprised and frightened while reading about the app. I thought this was post was really well-written, and I really liked that you explained the situation first and then spent time giving your opinion and your insights. I thought your input added to the blog since you had spent time looking into this issue. I also enjoyed your use of pictures. It might be nice if you included a link or two so your readers can learn more about Teso and his app to get more information. I think people will come out with apps of all forms, whether they are dangerous or not, so everyone else has to be prepared and ready to make changes in security and privacy. When we have the technology, people will use it for good and bad. If people can use their smartphones to control aviation, I wonder if technology will come out where people can use smartphones to control driving a vehicle even if they aren’t in the car. This brings up a lot of security issues and makes us think about what new problems will arise in the future.

  3. Great blog post, Shawn. I also thought the pictures were a great addition. I was really surprised when I read this post. I had never heard of anything like it. To think that there is possibly a way to hijack a plane from on the ground so easily is very scary. Once again, this brings the double-edged sword of technology into question. If people are able to gain access to these kind of programs, will we ever be completely safe. What if someone other than Teso created this app and was able to use it in order to actually hijack a plane. The internet has made seemingly private information available to anyone who has the knowledge and ability to look for it. As we discussed with our guest lecturer on security, hackers are extremely difficult to trace and although the knowledge of most hackers has decreased over time, there is definitely people out there today who can do crazy and scary things that security systems won’t see coming.

  4. What a great post. Here is certainly an example of great technology being a double-edged sword. Luckily he was decent enough to point out the flaws. Hopefully the FAA swallows its pride and takes a look into this. An article like this makes me wonder what other unknown vulnerabilities are out there in our daily lives.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s