During the Hack in the Box security conference in Amsterdam
this week, a security researcher at the German IT consulting firm N.Runs, Hugo
Teso demonstrated how he could use an Android app to exploit bugs in flight
management software.
Mr. Teso used his PlaneSploit app to do many things in an airplane like feeding false information to the jet, making it change course or even crashing it during a simulation exercise.
Speaking at the conference in Amsterdam, he said he was able to subvert the flight management system (FMS) found on most aircrafts after four years of research.
In order to test the technology, he built a simulator from spare plane parts he bought on eBay. Most of the parts run on many of the systems that are used on commercial aircrafts.
According to Help Net Security, the system works by infiltrating radio broadcasts between aircraft and air traffic control, and then using a second communication system to send malicious messages that could “take full control of the plane” or indirectly affect the pilot’s behavior by making cockpit lights flash, for instance.
The app on the smartphone had an interface of a flight deck with many buttons with different functions on it. Mr. Teso however said it was just a “proof of concept” and that it would not necessarily interfere with real flight systems.
He said it could only operate effectively when a plane is on autopilot and it has limited access once a pilot is operating the plane manually. He continued by saying there was a small chance that terrorist would work out what he did.
“You would have to have solid knowledge of aviation and its protocols.” He said.
Airline bodies such as European Aviation Safety Agency (EASA) and the US Federal Aviation Administration (FAA) have come out through The INQUIRER to play down security threats by insisting it did not reveal potential vulnerabilities on actual flying systems.
This he showed will allow him to totally gain control the
airplane without raising a security alarm. The 30 year old man who is also a
trained commercial pilot, claims he can make an airliner “dance to his tunes”
by using this technology.
Mr. Teso used his PlaneSploit app to do many things in an airplane like feeding false information to the jet, making it change course or even crashing it during a simulation exercise.
Speaking at the conference in Amsterdam, he said he was able to subvert the flight management system (FMS) found on most aircrafts after four years of research.
In order to test the technology, he built a simulator from spare plane parts he bought on eBay. Most of the parts run on many of the systems that are used on commercial aircrafts.
According to Help Net Security, the system works by infiltrating radio broadcasts between aircraft and air traffic control, and then using a second communication system to send malicious messages that could “take full control of the plane” or indirectly affect the pilot’s behavior by making cockpit lights flash, for instance.
The app on the smartphone had an interface of a flight deck with many buttons with different functions on it. Mr. Teso however said it was just a “proof of concept” and that it would not necessarily interfere with real flight systems.
He said it could only operate effectively when a plane is on autopilot and it has limited access once a pilot is operating the plane manually. He continued by saying there was a small chance that terrorist would work out what he did.
“You would have to have solid knowledge of aviation and its protocols.” He said.
Airline bodies such as European Aviation Safety Agency (EASA) and the US Federal Aviation Administration (FAA) have come out through The INQUIRER to play down security threats by insisting it did not reveal potential vulnerabilities on actual flying systems.
Posts
Is the app available on the market or jst to show this flaw. If yes to the first then what is it for
ReplyDeleteNo it's not available on the market. It's an android app & Samsung galaxy SIII was used for the simulation. He was just trying to show some shortcomings. & in real life situations, you can't gain full control since there'll be a pilot who can operate manually.
DeleteThanks for reading and dropping your comment.
ReplyDelete