Saturday, April 13, 2013

During the Hack in the Box security conference in Amsterdam this week, a security researcher at the German IT consulting firm N.Runs, Hugo Teso demonstrated how he could use an Android app to exploit bugs in flight management software.
This he showed will allow him to totally gain control the airplane without raising a security alarm. The 30 year old man who is also a trained commercial pilot, claims he can make an airliner “dance to his tunes” by using this technology.

Mr. Teso used his PlaneSploit app to do many things in an airplane like feeding false information to the jet, making it change course or even crashing it during a simulation exercise.


Speaking at the conference in Amsterdam, he said he was able to subvert the flight management system (FMS) found on most aircrafts after four years of research.

In order to test the technology, he built a simulator from spare plane parts he bought on eBay. Most of the parts run on many of the systems that are used on commercial aircrafts.

According to Help Net Security, the system works by infiltrating radio broadcasts between aircraft and air traffic control, and then using a second communication system to send malicious messages that could “take full control of the plane” or indirectly affect the pilot’s behavior by making cockpit lights flash, for instance.

The app on the smartphone had an interface of a flight deck with many buttons with different functions on it. Mr. Teso however said it was just a “proof of concept” and that it would not necessarily interfere with real flight systems.

He said it could only operate effectively when a plane is on autopilot and it has limited access once a pilot is operating the plane manually. He continued by saying there was a small chance that terrorist would work out what he did.

“You would have to have solid knowledge of aviation and its protocols.” He said.

Airline bodies such as European Aviation Safety Agency (EASA) and the US Federal Aviation Administration (FAA) have come out through The INQUIRER to play down security threats by insisting it did not reveal potential vulnerabilities on actual flying systems.

3 comments:

  1. Is the app available on the market or jst to show this flaw. If yes to the first then what is it for

    ReplyDelete
    Replies
    1. No it's not available on the market. It's an android app & Samsung galaxy SIII was used for the simulation. He was just trying to show some shortcomings. & in real life situations, you can't gain full control since there'll be a pilot who can operate manually.

      Delete
  2. Thanks for reading and dropping your comment.

    ReplyDelete

What's your view on this? We'll be happy to listen to your opinion.

Related Posts Plugin for WordPress, Blogger...