April 12, 2013
Man Claims He Can Take Down A Plane With Google’s Android
Michael Harper for redOrbit.com — Your Universe Online
Security conferences give experts and hackers alike a chance to expose exploits and weak points in software, all with the understood intent to get these issues fixed. For example, last July Charlie Miller demonstrated how he could break into an Android phone with a malicious NFC chip and some lines of code.
According to The Telegraph, this week German security researcher Hugo Teso spoke during the Hack in the Box security conference in Amsterdam and demonstrated a way to hijack an airplane with an Android app.
Teso is a trained commercial pilot, but demonstrated this alleged security flaw as a researcher for N.Runs, a German IT consultancy group. Using an app he built, Teso demonstrated how he could take control of the airplane and redirect it´s path, flash the lights in the cockpit and even adjust the air conditioning.
“You can use this system to modify approximately everything related to the navigation of the plane,” said Teso in an interview with Forbes. “That includes a lot of nasty things.”
Following his demonstration, the Federal Aviation Administration (FAA) and other aviation safety companies have said they disagree with this demonstration and do not believe the software used in airplanes to be so vulnerable.
Mr. Teso´s homemade Android app takes advantage of a flaw in a decades old protocol used to exchange data between the airplane and air traffic controllers. The Aircraft Communications Addressing and Report System, (ACARS) is used to share information such as weather conditions and flight path to and from the plane. Mr. Teso says ACARS requires almost no authentication by users, meaning breaking into the system could hypothetically be easy to do.
After spending three years reverse-engineering the software, Teso said he found enough bugs to build an Android app and send his own commands to the airplane.
“ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not,” explains Teso.
“So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it´s game over.”
Running the app on his Samsung Galaxy phone, Teso showed how he could control a plane by way of some hardware he purchased on eBay and publicly available flight simulation software. In one example, Teso was able to flash the lights inside the cockpit, potentially fooling the pilots into thinking the systems were malfunctioning.
Though Mr Teso claims his software has near total control of the airplane, it only works when the pilots have put the plane on autopilot. If a pilot were to manually take the controls in the middle of a hijacking attempt, the hacker´s plans would be foiled.
After hearing about Teso´s claims, the FAA has released a statement - obtained by Mashable - claiming Teso´s hack poses no threat to real planes because he isn´t using the right kind of hardware.
“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware,” reads the FAA´s statement.
“The described technique cannot engage or control the aircraft´s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.”
One of the companies responsible for building the ACARS software, Honeywell, has said they´re working with Teso´s company to “assess” his claims, but also admit that the actual hardware and software on planes is much more secure than what was used in this demonstration.
“The version he used of our flight management system is a publicly available PC simulation,” explained a Honeywell spokesperson, “and that doesn´t have the same protections against overwriting or corrupting as our certified flight software.”