So it looks like someone could hack a jetliner. With an Android smartphone. Awesome.
At the Hack In The Box conference in Amsterdam, security consultant Hugo Teso demonstrated PlaneSploit,
an app he developed that he claims can take control of certain systems
aboard an airplane and cause it to change direction or just crash itself
into the ground.Hugo’s no terrorist, mind you. He developed the app to point out the glaring, frightening, insane security holes in most planes’ onboard flight systems. His demonstration was done in a simulated environment, but the methods and effects, he says, are exactly the same as what could happen with a real plane.
“The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time,” wrote Teso in his presentation abstract for the conference. The hack exploits the plane’s autopilot, transferring control to the hacker, who (in theory) could command the plane from an app running on Android.
The site Help Net Security describes the process in bland, chilling detail:
“The
attacker can click on any active airplane and it receives its
identification, current location and final destination. In case a nearby
airplane system is exploitable (a number of vulnerability vectors
mentioned, not much details provided), the application alerts the user
via an in-application alert or a push message. The payload can be
uploaded with a tap of a button and from that point on, the flight
management system is remotely controlled by an attacker.”
Teso
says he has been in contact with several members of the airline/aircraft
industry and that they are working on addressing these deficiencies.
One should hope so.Update – April 12, 11:32 a.m.: The website The Daily Caller has published a response from the FAA:
“The
FAA is aware that a German information technology consultant has
alleged he has detected a security issue with the Honeywell NZ-2000
Flight Management System (FMS) using only a desktop computer,” said Les
Dorr, FAA spokesman, in a statement to TheDC.
“The
FAA has determined that the hacking technique described during a recent
computer security conference does not pose a flight safety concern
because it does not work on certified flight hardware,” he said.
“The
described technique cannot engage or control the aircraft’s autopilot
system using the FMS or prevent a pilot from overriding the autopilot,”
said Dorr.
“Therefore, a hacker cannot obtain ‘full control of an aircraft,’ as the technology consultant has claimed,” said Dorr.
0 comments:
Post a Comment