How to hijack an airplane using an Android mobile app
By: Ruchi Shroff
A German security consultant, who's also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely using just an Android phone, CNN has reported.
Speaking at the Hack in the Box security summit in Amsterdam, Hugo Teso said that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit. However, Teso added that the app only works on virtual aircraft.
Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. He reportedly added that current security systems don't have strong enough authentication methods to make sure the commands are coming from a legitimate source.
"You can use this system to modify approximately everything related to the navigation of the plane," Teso reportedly said. "That includes a lot of nasty things."
He told the crowd that the tools also could be used to do things like change what's on a pilot's display screen or turn off the lights in the cockpit. With the Android app he created, he said, he could remotely control a plane by simply tapping preloaded commands like "Please Go Here" and the ominous "Visit Ground."
He added that he used flight-management hardware that he bought on eBay and publicly available flight-simulator software that contains at least some of the same computer coding as real flight software. Teso said that he's reached out to the companies that make the systems he exploited and that they were receptive to addressing his concerns. He also said he's contacted aviation safety officials in the United States and Europe.
The Federal Aviation Administration said it is aware of Teso's claims, but said the hacking technique does not pose a threat on real flights because it does not work on certified flight hardware.
"The described technique cannot engage or control the aircraft's autopilot system using the (Flight Management System) or prevent a pilot from overriding the autopilot," the FAA said. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."