Anyone who thought that airport security would allow smartphone use on a plane in the future might be a little worried to know that it is possible to hijack a plane with one.
Hugo Teso, a security consultant at n.runs in Germany, told the Hack In The Box Conference in Amsterdam that it was completely realistic to hijack a plane using Android.
Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot, said that the security of aviation computer systems and communication protocols was pants.
According to Security, Teso built an exploit framework dubbed SIMON and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management System. He demonstrated how it was possible to take complete control of an aircraft.
He proved his point by making virtual planes “dance to his tune”.
His hack targeted the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft through an on-board transmitter to air traffic controllers. This allows aircraft equipped with the technology to receive flight, traffic and weather information about other planes nearby.
The other hack was of the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between the plane and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase.
He said that both technologies were massively insecure and susceptible to a number of passive and active attacks.
In the attack, Teso misused the ADS-B to select targets, and the ACARS to gather information about the onboard computer as well as to exploit its vulnerabilities by delivering spoofed malicious messages that affect the “behaviour” of the plane.
Teso deliberately built the SIMON framework to work only in a virtual environment, and it currently cannot be used on real-life aircraft.
He said it is nearly impossible to detect the framework once it is deployed on the Flight Management System, so there is no need to disguise it like a rootkit.