If you've ever wanted to hijack a plane—but been prevented by your crippling fear of flying—you can now do it from the ground! All you need is an Android phone, a radio transmitter, flight management software, and some basic hacking skills, and you can control an entire passenger jet from the comfort of your living room. Not that you, uh, should! But you could.
At least, that's what German security consultant Hugo Teso told the crowd at Amsterdam's Hack in the Box security conference. In a presentation called "Aircraft Hacking: Practical Aero Series," Teso explained how with his phone, a radio transmitter, and some flight management software he purchased on eBay, he was able to—hypothetically—hijack and command a plane.
The Aircraft Communications Addressing and Reporting System (ACARS) also has no security; it "is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite." [...] Anyone with the right tools and a little know-how can read and send these ACARS messages. [...] the ACARS datalink allowed for "real-time data transmission" and all communications between planes and airports are sent unencrypted. Teso used ACARS to exploit and break into the airplane's onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.
In a nutshell: one of the protocols used by aircraft to communicate with the ground has no security, and someone with a little bit of knowledge and expertise can piggyback it into the onboard computer system, upload their own data, and use a specially-designed Android app that Teso created—called Planesploit—to... well, to do almost anything:
Once he was into the airplane's computer, he was able to manipulate the steering of a Boeing jet while the aircraft was in "autopilot" mode. The only countermeasure available to pilots, if they even realized they were being hacked, would be to turn off autopilot. Yet many planes no longer have old analog instruments for manual flying. Teso said he could take control of most all airplane systems; he could even cause the plane to crash by setting it on a collision course with another plane. He could also give the passengers a serious adrenaline rush by making the oxygen masks drop down.
Help Net explained more of the app's functions:
- Please go here: A way of interacting with the plane where the user can dynamically tap locations on the map and change the plane's course.
- Define area: Set detailed filters related to the airplane, for example activate something when a plane is in the area of X kilometers or when it starts flying on a predefined altitude.
- Visit ground: Crash the airplane.
- Kiss off: Remove itself from the system.
- Be punckish: A theatric way of alerting the pilots that something is seriously wrong - lights start flashing and alarms start buzzing.
[via Computer World]