A security researcher and trained commercial pilot says that an Android app can be used, at least theoretically, to hack a plane.
That includes potentially gaining information about an aircraft's onboard computer, changing the intended destination, flashing interior lights, delivering spoofed malicious messages that affect the behavior of the plane, and, just maybe, if pilots don't manage to turn off autopilot and/or have difficulty with manual flight operation, crashing the plane.
These are theoretical exploits demonstrated by Hugo Teso, a security consultant at n.runs AG in Germany, who gave a talk about his research at the Hack in the Box conference in Amsterdam last week.
Teso said he conducted his research on aircraft hardware and software he acquired from various places, including equipment from vendors offering simulation tools that use actual aircraft code and from eBay, where he found a flight management system (FMS) manufactured by Honeywell and a Teledyne Aircraft Communications Addressing and Reporting System (ACARS) aircraft management unit, according to Network World.
Teso created two tools to exploit vulnerabilities in new aircraft management and communication technologies:
- An exploit framework named SIMON, and
- An Android app named, appropriately enough, PlaneSploit, which delivers attack messages to the airplanes' FMSes.
The two vulnerable technologies Teso exploited with these tools include the e Automatic Dependent Surveillance-Broadcast (ADS-B) (this surveillance technology, used for tracking aircraft, will be required by the majority of aircraft operating in US airspace by Jan. 1, 2020), and the Aircraft Communications Addressing and Reporting System (ACARS), a protocol for exchange of short, relatively simple messages between aircraft and ground stations via radio or satellite that also automatically delivers information about each flight phase to air traffic controllers.
According to Help Net Security, Teso abused these "massively insecure" technologies, using the ADS-B to select targets.
Using the Flightradar24 flight tracker - a publicly available tool that shows air traffic in real time - Teso's PlaneSploit Android app allows the user to tap on any plane found within range - range that would be limited, outside of a virtual testing environment, to antenna use, among other things.
Honeywell spokesman Scott Sayres said that his company is already working with N.Runs to review Teso's research, but downplayed the real-world implications,said Information Week. "If we talk very generically -- not just about Honeywell software -- PC FMS software is normally available as an online pilot training aid," Sayres said via phone. "In other words, what Teso did was hack a PC-based training version of FMS that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft."