Facebook Twitter YouTube SoundCloud RSS

Network Nightmare: Hacker demonstrates how to hijack Boeing jet using Android app

21st Century Wire says

Remember the new Battlestar Galactica TV series pilot, where Galactica was the only ship to survive the Cylon attack because it was not networked to the main grid – making it impossible to hack or be taken down by a virus.

Common sense told Commander Adama to leave the ship that way in order to ensure its integrity in the face of Cylon hack attacks. Makes you wonder…

Shawn Knight
Tech Spot

A security consultant by the name of Hugo Teso claims he has created an Android app called PlaneSploit that would allow him to remotely attack and hijack commercial aircraft.

He recently presented his findings at the Hack in the Box security conference in Amsterdam where, among other things, he exposed the fact that a number of aviation and aircraft systems have no security in place.

hack-in-the-boxTeso, a trained commercial pilot for 12 years, reiterated that the Automated Dependent Surveillance-Broadcast (ADS-B) is unencrypted and unauthenticated which can lead to passive attacks like eavesdropping or active attacks such as message jamming and injection. Furthermore, the Aircraft Communications Addressing and Reporting System (ACARS) – a service used to send text-based messages between aircraft and ground stations – also has no security.

With these vulnerabilities in mind, he used virtual planes in a lab to demonstrate his ability to hijack a plane rather than attempting to take over a real flight as that was “too dangerous and unethical.” He used ACARS to gain access to the plane’s onboard computer system and uploaded Flight Management System data.

Once in, he demonstrated how it was possible to manipulate the steering of a Boeing jet while it was in autopilot mode. The security consultant said he could cause a crash by setting the aircraft on a collision course with another jet or even give passengers a scare by dropping down the emergency oxygen masks without warning.

A pilot could thwart an attack by taking the plane out of autopilot although he pointed out that several newer systems no longer include manual controls. Some systems could be updated to patch the vulnerabilities but many legacy systems would be difficult, if not impossible, to update…




Get Your Copy of New Dawn Magazine #203 - Mar-Apr Issue
Get Your Copy of New Dawn Magazine #203 - Mar-Apr Issue