Security researcher demos Android app airplane hijack

By on
Security researcher demos Android app airplane hijack

There really is an app for everything.

A German security researcher demonstrated yesterday how to take total control of airliners with the help of an Android app that takes advantage of open and insecure air traffic communications systems.

Hugo Teso of N.Runs AG spent three years to create an exploit code framework called SIMON and built the PlaneSploit Android app with which he could remotely attack flight management systems on airplanes, with no physical access required.

Once in control, an attacker can alter the course of a plane, set off warning lights and alarms and also crash it.

Teso, a former commercial pilot, demonstrated the hijack on virtual airplanes at the 2013 Hack In The Box security conference in Amsterdam and was able to control their movements in air.

One of his scenarios simulated a drunk pilot flying over the German capital Berlin, using the accelerometer in his Android device to move the plane around.

Hugo Teso demonstrating remote airplane hijack. The Dutch text says "left, down, right and right again and up".

According to Teso, the remote hijack is possible thanks to the Automatic Dependent Surveillance-Broadcast or ADS-B protocol that sends data about aircraft such as identity, position and altitude from on-board transmitters to air traffic controllers and other flights being open and abuseable. 

A second protocol, the Aircraft Communications Addressing and Reporting System (ACARS) — used to deliver messages between aircraft and controllers over radio and satellite — is also open and insecure, Teso has found.

By using ADS-B to pick the airliner he wanted to attack and ACARS to identify the type of computer aboard the plane, Teso was able to craft malicious messages that could be used to control the plane with the help of the SIMON framework implanted in the flight management system.

Teso deliberately coded the SIMON malware so that it only works on virtual aircraft and cannot be used on real ones.

However, Teso notes that the framework is nearly impossible to detect once deployed in the flight management system and it can be used to upload flight plans, issue specific commands and more.

The researcher also said that the attack only works while the plane is on auto pilot and not while it is under manual control.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?