Security consultant and trained commercial pilot Hugo Teso has aviation agencies on his trail since developing an Android app that can remotely attack and take full control of an aircraft.
Using the application, dubbed PlaneSploit, Teso demonstrated how to virtually hijack flight desk computers and feed false navigation information to change the course of a simulated jet, according to Help Net Security, which sat in on Teso's presentation at the Hack in the Box security conference in Amsterdam.
Teso, who spent three years researching the aviation security field, gathered hardware and software he purchased from eBay and set to work searching for vulnerabilities in aircraft code, Computerworld reported. What he found was a terrifying ability to make flying machines "dance to his tune," as Help Net Security noted.
The hack targets two technologies: Automatic Dependent Surveillance-Broadcast (ADS-B) and Aircraft Communications Addressing and Report System (ACARS).
ADS-B, according to Teso's cheat sheet, sends information (current position, altitude, velocity) about aircraft through an on-board transmitter to air traffic controllers, who then provide pilots with details about other planes in their vicinity. Meanwhile, ACARS is used to exchange messages between pilots and air traffic controllers via radio or satellite.
By manipulating the ADS-B, Teso was able to select targets, then gather information from the ACARS, exploiting its vulnerabilities by delivering what Help Net Security said were "spoofed malicious messages that affect the 'behavior' of the plane."
Teso's discoveries have not gone unnoticed by global aviation organisations, though. The European Aviation Safety Agency (EASA) and Federal Aviation Administration (FAA) both confirmed to that they are aware of Teso's presentation.
"This presentation was based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems," an EASA statement said. "There are major differences between a PC based training FMs [flight management system] software and an embedded FMS software."
The version Teso used does not include the same overwriting protection and redundancies that certified flight software does, the agency said.
The FAA agreed, saying in a statement that it has "determined that the hacking technique described ... does not pose a flight safety concern because it does not work on certified flight hardware."
Teso's technology, in fact, cannot engage or control the plane's autopilot or prevent a pilot from overriding the autopilot, the FAA said. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."