Planes Can Be Hacked Remotely With Android App, Researcher Claims.
Planes Can Be Hacked Remotely With Android App, Researcher Claims.
From the sound of things,
this researcher has garnered plenty of media attention but still values
aircraft and passenger safety well over fame and glory.
A
security researcher and trained commercial pilot combined his interests and
cooked up an exploit framework and Android app that can be used, at least
theoretically, to hack a plane.
That
includes potentially gaining information about an aircraft's onboard computer,
changing the intended destination, flashing interior lights, delivering spoofed
malicious messages that affect the behavior of the plane, and, just maybe, if
pilots don't manage to turn off autopilot and/or have difficulty with manual
flight operation, crashing the plane.
These
are theoretical exploits demonstrated by Hugo Teso, a security consultant at
n.runs AG in Germany, who gave a talk about his research at the Hack in the Box conference
in Amsterdam on Wednesday.
Of
course, Teso hasn't tried any of this out on real planes, given that there
aren't many planes lying around waiting for people/plane/landscape
annihilation, which would, at any rate, be illegal and amoral.
Rather,
he conducted his research on aircraft hardware and software he acquired from
various places.
That
includes equipment from vendors offering simulation tools that use actual aircraft
code and from eBay, where he found a flight management system (FMS)
manufactured by Honeywell and a Teledyne Aircraft Communications Addressing and
Reporting System (ACARS) aircraft management unit, according to
Network World.
According
to Help Net Security's Zeljka Zorz and Berislav Kucan, Teso's
demonstration shed light on "the sorry state of security of aviation
computer systems and communication protocols."
Teso
created these two tools to exploit vulnerabilities in new aircraft management
and communication technologies:
An
exploit framework named SIMON, and
An
Android app named, appropriately enough, PlaneSploit, which delivers attack
messages to the airplanes' FMSes.
The
two vulnerable technologies Teso exploited with these tools:
The
Automatic Dependent Surveillance-Broadcast (ADS-B) (this surveillance
technology, used for tracking aircraft, will be required by the majority of
aircraft operating in US airspace by Jan. 1, 2020), and
The
Aircraft Communications Addressing and Reporting System (ACARS), a protocol for
exchange of short, relatively simple messages between aircraft and ground
stations via radio or satellite that also automatically delivers information
about each flight phase to air traffic controllers.
According
to Help Net Security, Teso abused these "massively insecure"
technologies, using the ADS-B to select targets.
He
used ACARS to siphon data about the onboard computer and to exploit its
weaknesses by delivering spoofed messages that tweak the plane's behavior.
Using
the Flightradar24 flight tracker - a publicly available tool that shows air
traffic in real time - Teso's PlaneSploit Android app allows the user to tap on
any plane found within range - range that would be limited, outside of a
virtual testing environment, to antenna use, among other things.
The
application has four functions: discovery, information gathering, exploitation
and post exploitation.
According
to Help Net Security, these are some of the functions Teso showed to the
conference audience:
Please
go here: Allows user to change the targeted plane's course by tapping locations
on the map.
Define
area: Set detailed filters related to the airplane, such as activating
something when a plane is in the area of X kilometers or when it starts flying
on a predefined altitude.
Visit
ground: Crash.
Kiss
off: Remove plane from the system.
Be
puckish: Trigger flashing lights and buzzing alarms to alert the pilots that
something is seriously wrong.
Teso
has, thankfully, responsibly, refrained from disclosing details about the
attack tools, given that the vulnerabilities have yet to be fixed.
In
fact, he told his listeners that he's been pleasantly surprised by the
receptivity he's received by the industry, with companies vowing to aid his
research.
Given
Teso's belief in responsible disclosure, the industry can take steps to patch
the security holes before someone with more malicious intent has an opportunity
to exploit them.
Comments