A German security consultant, who’s also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely using just an Android phone, CNN has reported.
Speaking at the Hack in the Box security summit in Amsterdam, Hugo Teso said that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit.
However, Teso added that the app only works on virtual aircraft. Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. He reportedly added that current security systems don’t have strong enough authentication methods to make sure the commands are coming from a legitimate source. “You can use this system to modify approximately everything related to the navigation of the plane,” Teso reportedly said. “That includes a lot of nasty things.”
He told the crowd that the tools also could be used to do things like change what’s on a pilot’s display screen or turn off the lights in the cockpit. With the Android app he created, he said, he could remotely control a plane by simply tapping preloaded commands like “Please Go Here” and the ominous “Visit Ground.”
He added that he used flight-management hardware that he bought on eBay and publicly available flight-simulator software that contains at least some of the same computer coding as real flight software. Teso said that he’s reached out to the companies that make the systems he exploited and that they were receptive to addressing his concerns. He also said he’s contacted aviation safety officials in the United States and Europe.
The United States Federal Aviation Administration said it is aware of Teso’s claims, but said the hacking technique does not pose a threat on real flights because it does not work on certified flight hardware. “The described technique cannot engage or control the aircraft’s autopilot system using the (Flight Management System) or prevent a pilot from overriding the autopilot,” the FAA said. “Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed in his presentation.”
All this is not making anyone feel better. Although the consultant claims his app is only good for virtual airplanes, how difficult would it be to make it for a real airplane? And for that matter, does this mean hijackers can get into air traffic control systems and airport management as well?
One cannot refute that there will always be an element of danger when travelling on planes, or, for that matter, any mode of transport. But things are definitely much more dangerous when an app can hijack a plane. Authorities have always called for stricter security measures on planes and now might be the time to heed that.
Other phone issues are also being constantly debated when it comes to security. An argument has been presented that claims that a book is no more dangerous than using a connected device during taxi and take off in a flight. Several United States Senators are urging the FAA to allow for more personal electronics on board. “If it’s safe enough for the president of the United States, it’s safe enough for the flying public,” said Senator Claire McCaskill from the state of Missouri. A study is currently being conducted involving airlines and manufacturers that looks closely at the actual effects of electronics on board, or whether this has just become a rule made for rules’ sake. The results should be interesting when they are out.
And of course there is the now famous decree that allows passengers in the United States to carry small knives on board the flight. One can only wonder what a passenger might need the knife for on his flight, but apparently they are allowed on board now.
Although things appear to be pretty tame now, it might be time to think what phones and such technology can actually mean for airlines in the future.