AIRLINE BODIES have played down the threat of an app developed to access the flight deck of a simulated aircraft and control the plane from an Android smartphone.
Hugo Teso, who is a fully trained commercial pilot as well as a security researcher for German IT firm N.Runs, demonstrated the vulnerabilities in an aircraft's flight management system (FMS) at the Hack In The Box conference in Amsterdam.
Teso fed false navigation information to a simulated aircraft, which he built using spare parts from real jets that he acquired through Ebay, by sending it his own malicious radio signals, making it change course.
However, the European Aviation Safety Agency (EASA) and the US Federal Aviation Administration (FAA) have both confirmed to The INQUIRER that they are aware of Teso's presentation at the conference and insist it did not reveal potential vulnerabilities on actual flying systems.
"There are major differences between a PC-based training FMS software and an embedded FMS software," the EASA said. "In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software."
The FAA said it has determined that the hack does not pose a "flight safety concern" because it does not work on certified flight hardware.
"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain ‘full control of an aircraft' as the technology consultant has claimed," the FAA said.
Although it has been widely reported, neither of the bodies said that they are looking to talk with Teso regarding his findings.
In order to achieve the hack, Teso created an exploit framework, codenamed SIMON, and an Android app called Planesploit that communicates with the FMS.
Teso said he had spent the past four years investigating an aeroplane's different computer and data systems that help them fly and navigate from A to B safely.
"I expected them to have security issues but I did not expect them to be so easy to spot," he told the BBC. "I thought I would have to fight hard to get into them but it was not that difficult."
According to his blog, the hack targets two technologies, Automatic Dependent Surveillance-Broadcast (ADS-B) and Aircraft Communications Addressing and Report System (ACARS).
ADS-B sends information, such as the current position, altitude and velocity about the plane through an onboard transmitter to air traffic controllers, while ACARS manages communication between pilots and air traffic controllers via radio or satellite.
By manipulating ADS-B, Teso was able to select targets, then gather information from the ACARS, exploiting its vulnerabilities by delivering spoofed malicious messages that affect the behavior of the plane. Teso was even able to control the plane using a phone's accelerometer to vary its course and speed. µ
Sign up for INQbot – a weekly roundup of the best from the INQ