An article I wrote for Electronic Products
A security researcher was able to hack an aircraft’s cockpit with an Android smartphone
After you board a plane and are safely buckled in your seat, the pilot reminds you and the other passengers with their noses tucked into their touchscreens to power off all electronic devices. If they interfere with the in-flight management system, there could be some serious disturbances. But still, there are the few testy travelers who ignore the pilot’s requests, because, really, how much harm can a little smart phone do?
Apparently a lot, as was evidenced by a security researcher, who claimed that he could hack into an aircraft’s cockpit with his Android mobile phone.
At the annual security conference, Hack In The Box, which took place in Amsterdam this year, security researcher, Hugo Teso, demonstrated that it’s possible to take full control of aircraft flight systems and communications. All you need are two things: an Android smartphone and a specialized attack code.
Teso spent three years developing the attack code, which he named SIMON, and bought second-hand commercial flight system software and hardware off the Internet. By using the attack code, along with an Android app known as PlaneSploit, Teso found that he was able to take full control of flight systems as well as the pilot’s displays. Even more shocking, the hacked aircraft could be controlled using a smartphone’s accelerometer to vary its course and speed.
After discovering that the Automatic Dependent Surveillance-Broadcast (ADS-B) system, which updates ground controllers on an aircraft’s position, was completely unsecure, Teso found it could be used to eavesdrop on an aircraft’s communications as well as interrupt broadcasts or feed in misinformation.
The Aircraft Communications Addressing and Reporting System (ACARS), the communication relay between pilots and ground controllers, was also found vulnerable. By using a Samsung Galaxy handset, Teso demonstrated how to use ACARS to redirect an aircraft’s navigation systems to different map coordinates. He was able to insert code into a virtual aircraft’s Flight Management System, and by passing the code between the aircraft’s computer unit and the pilot’s display, Teso was able to take total control of what the aircrew would see in the cockpit.
Although some of this is doubtful, as the pilot has the option to override the automatic systems, the software could be used to easily control other functions, such as deploying oxygen masks and lights.
According to Teso, the Federal Aviation Administration and the European Aviation Safety Administration have been working on fixing the issues.
Story via theregister.co.uk.