Hacking an Airliner with an Android App

As if those with a fear of flying needed another reason to stay at home.

Hacking an airplane’s onboard systems and forcing it to crash sounds like the opener of a bad action movie. But at the Hack In The Box conference in Amsterdam, security consultant Hugo Teso demonstrated how someone armed with an Android smartphone could make such a disaster happen.

Teso, who works for German consulting firm n.runs AG, claims to have spent three years researching aviation security. At the conference, he used that knowledge to launch a remote attack on a virtual airliner’s onboard systems. The digital data-link for transmitting information between airplanes and ground systems, known as the Aircraft Communications Addressing and Reporting System (or ACARS), is often unsecured and thus supremely vulnerable to exploitation.

The Automatic Dependent Surveillance-Broadcast (ADS-B), a radar substitute that provides an aircraft’s position and velocity, is also vulnerable to a variety of passive and active attacks, according to Teso. With an app on an Android smartphone, an attacker could upload bad information via ACARS to a plane’s Flight Management System (FMS), leading it astray. The pilots, viewing false information on their displays, would have no idea that their vehicle was under remote influence. To demonstrate his techniques, Teso then fed incorrect data to a virtual plane.

Teso’s full presentation can be found here (PDF), and it’s sure to give aviation experts some sleepless nights. Or will it? It took Teso quite a bit of work (and FMS hardware purchased online) to discover the vulnerabilities in ACARS and ADS-B; that time commitment could dissuade more than a few bad actors from following in his footsteps. In theory, the pilot of a plane—if aware of the cyber-attack—could also take manual control and steer back on-course.

Forbes also reached out to spokespeople from the Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA), as well as Rockwell Collins and Honeywell (both of which build flight-management software). Those contacts suggested it would take a lot more effort than Teso demonstrated in order to “hack” an aircraft.

“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware,” the spokesperson from that regulatory body told Forbes. “The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”

Honeywell also suggested its systems have “protections” against corruption or overwriting that would block a Teso attack.

Nonetheless, Teso’s work shows (yet again) the vulnerability of our current systems to exploitation. And somewhere in Hollywood, some anxious screenwriter is already incorporating all this into Die Hard 6.
