A German security
consultant, who's also a commercial pilot, has demonstrated tools he
says could be used to hijack an airplane remotely, using just an Android
phone.
Speaking at the Hack in the Box security
summit in Amsterdam, Netherlands, Hugo Teso said Wednesday that he
spent three years developing SIMON, a framework of malicious code that
could be used to attack and exploit airline security software, and an
Android app to run it that he calls PlaneSploit.
Using a flight simulator,
Teso showed off the ability to change the speed, altitude and direction
of a virtual airplane by sending radio signals to its flight-management
system. Current security systems don't have strong enough
authentication methods to make sure the commands are coming from a
legitimate source, he said.
"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes after his presentation. "That includes a lot of nasty things."
He told the crowd that
the tools also could be used to do things like change what's on a
pilot's display screen or turn off the lights in the cockpit. With the
Android app he created, he said, he could remotely control a plane by
simply tapping preloaded commands like "Please Go Here" and the ominous
"Visit Ground."
The Federal Aviation
Administration said it is aware of Teso's claims, but said the hacking
technique does not pose a threat on real flights because it does not
work on certified flight hardware.
"The described technique
cannot engage or control the aircraft's autopilot system using the
(Flight Management System) or prevent a pilot from overriding the
autopilot," the FAA said. "Therefore, a hacker cannot obtain 'full
control of an aircraft' as the technology consultant has claimed."
Teso says he developed SIMON in a way that makes it work only in virtual environments, not on actual aircraft.But the risk is there, some experts say.
"His testing laboratory
consists of a series of software and hardware products, but the
connection and communication methods, as well as ways of exploitation,
are absolutely the same as they would be in an actual real-world
scenario," analysts at Help Net Security wrote in a blog post.
Teso told the crowd that
he used flight-management hardware that he bought on eBay and publicly
available flight-simulator software that contains at least some of the
same computer coding as real flight software.
Analyst Graham Cluley of
Sophos Security said it's unclear how devastating Teso's find would be
if unleashed on an airplane in flight.
"No one else has had an
opportunity to test this researcher's claims as he has, thankfully, kept
secret details of the vulnerabilities he was able to exploit," Cluley
said. "We are also told that he has informed the relevant bodies, so
steps can be taken to patch any security holes before someone with more
malicious intent has an opportunity to exploit them."
Teso said at the summit
that he's reached out to the companies that make the systems he
exploited and that they were receptive to addressing his concerns. He
also said he's contacted aviation safety officials in the United States
and Europe.
"From the sound of
things, this researcher has got himself a lot of media attention, but
still believes in responsible disclosure, rather than potentially
putting aircraft and passengers at risk," Cluley said.
Teso isn't the first so-called "white hat" hacker to expose what appear to be holes in air-traffic security.
Last year, at the Black Hat security conference
in Las Vegas, computer scientist Andrei Costin discussed weaknesses he
said he found in a new U.S. air-traffic security system set to roll out
next year. The flaws he found weren't instantly catastrophic, he said,
but could be used to track private airplanes, intercept messages and jam
communications between planes and air-traffic control
0 comments:
Post a Comment