Security Expert & Hacker Demonstrates How to Hijack an Airplane with an Android App

[dgstorm]

[video=youtube;jjRzqGUFECI]http://www.youtube.com/watch?feature=player_detailpage&v=jjRzqGUFECI[/video]​

If you are one of those folks with a fear of flying you may want to skip reading this article. Apparently, all you need to remotely hijack an airplane is some aviation software that can be found on eBay, an Android phone and an app. A gentleman named Hugo Teso, who also happens to be a professional security expert, hacker and retired commercial airline pilot, just showed a live demonstration of this at an Amsterdam security conference recently. Here's a quote with more of the details,

It turns out that two important aviation systems — the Automated Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communications Addressing and Reporting System (ACARS) — are completely unencrypted and unauthenticated, allowing anyone with the right tools and a little know-how to access the system remotely without too much trouble.

Teso simply hit up eBay for “actual flight code software” that’s normally used for training pilots, as well as nabbing a radio transmitter. During the demonstration, Teso audited real aircraft code by searching for vulnerabilities on a fleet of virtual aircrafts (using real airplanes in this case would obviously be unethical and quite illegal. Along with an Android app called PlaneSploit (which won’t be hitting the Google Play store), Teso was able to control the steering of a Boeing jet, as long as the plane was in autopilot mode.

Teso has been working in the IT industry for 11 years now, and before that he was a trained and licensed commercial pilot for 12 years. His 23 years of combined experienced with the two professions has led him to teach the public about the state of the security of aviation computer systems and communication protocols, which are actually not that secure, as Teso demonstrated.

If that doesn't freak you out, even just a little, then your "flight or flight" funny bone is perhaps too desensitized. Regardless, it makes you wonder how on earth the electronic security of our aviation industry could be so archaic. At least someone is pointing out the holes so we can fix them. It's a good thing that most criminals and terrorists aren't as savvy as this guy...

Source: SlashGear

 

[cobravnm13]

Watch Android be blamed for this.

 

[johnomaz]

Ya, sounds like the folks that are in charge of the airports need to get their arses in gear and fix that entire issue of being wide open. In this day an age where individuals encrypt their entire hard drive because why not, systems like that need to be as secure as possible.

 

[UrbanBounca]

I've never flown and after reading, I can't say I'm in any hurry.

Sent from my LG-L38C using Tapatalk 2

 

[kodiak799]

So that's why we have to turn our phones off when taking off and landing....airplane mode *wink*wink

 

[52brandon]

whoa. That's crazy. I assume he pointed it out privately to the airline industry before going public, I hope so at least. And when they didn't do anything, he went public to essentially force them to. Droid Does... hijack planes without even needing to be there

 

[kodiak799]

Even more scary...And I'm not sure it's true, but certainly sounds plausible - autopilot LANDS the plane at least once a month to make sure the capability is valid and functioning properly.