Hacker's Terrifying Android App Can Hijack a Plane from the Ground
Steven Blum has written more than 2,000 blog posts as a founding member of AndroidPIT's English editorial team. A graduate of the University of Washington, Steven Blum also studied Journalism at George Washington University in Washington D.C. for two years. Since then, his writing has appeared in The Stranger, The Seattle P-I, Blackbook Magazine and Venture Villlage. He loves the HTC One and hopes the company behind it still exists in a few years.
Hugo Teso, a German security consultant and commercial pilot, has developed what just might be the most dangerous smartphone app ever.
The app, which is called Planesploit, can exploit vulnerabilities in airline security software, allowing the user to essentially hijack a commercial airplane.
Teso bought computers and software used in airplanes from eBay and spent three years developing code that can override a pilot's command. He presented his plane-controlling Android app at the Hack in the Box security conference in Amsterdam.
The security expert found a weakness in the Aircraft Communications Addressing and Reporting System (ACARS), which controls communications between a plane and ground control, as well as the Automatic Dependence Surveillance Broadcast (ADS-B) which functions as a radar system. By exploiting both, Teso claims he can take over the direction a plane is heading in.
Writes Computer World:
Teso used ACARS to exploit and break into the airplane's onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.
The good news is that pilots would be able to take over the plane by switching off Autopilot, assuming they realize that their plane has been hacked. The other good news is that Teso tested his app using flight-simulator software, and the code is useless against a real airplane. Experts are divided as to what the effect would be if unleashed on an actual airplane.
Teso has reached out to the companies that create all the systems he's exploited and contacted aviation safety officials in both the United States and Europe.
These are all the (ABSOLUTELY TERRIFYING) functions available via the app:
Please go here: A way of interacting with the plane where the user can dynamically tap locations on the map and change the plane's course.
Define area: Set detailed filters related to the airplane, for example activate something when a plane is in the area of X kilometers or when it starts flying on a predefined altitude.
Visit ground: Crash the airplane.
Kiss off: Remove itself from the system.
Be punckish: A theatric way of alerting the pilots that something is seriously wrong - lights start flashing and alarms start buzzing.