Help ATS with a contribution via PayPal:
learn more

Hacker says phone app could hijack plane

page: 1
13

log in

join

posted on Apr, 11 2013 @ 10:46 PM
link   


A German security consultant, who's also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely, using just an Android phone.

Speaking at the Hack in the Box security summit in Amsterdam, the Netherlands, Hugo Teso said Wednesday that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit.

Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. Current security systems don't have strong enough authentication methods to make sure the commands are coming from a legitimate source, he said.

"His testing laboratory consists of a series of software and hardware products, but the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario," analysts at Help Net Security wrote in a blog post.

www.cnn.com...


If true this seems like a serious problem. Hard to believe aircraft manufacturers haven't addressed this issue.
If this man can figure out an exploit I would hope the designers would be aware of the situation.




posted on Apr, 12 2013 @ 08:59 AM
link   
The PDF of the Hugo Teso presentation.



posted on Apr, 12 2013 @ 09:05 AM
link   
Here's another link arstechnica.com...

Read the comments from some of the pilots. Its worrying. I think I now understand why airlines are scared of mobile phones, computers. As one of the pilots say crashes are often caused by pilots looking at mal functioning equipment in the cockpit than the altitude of the plane.



posted on Apr, 12 2013 @ 11:51 AM
link   


Rockwell Collins: “”Today’s certified avionics systems are designed and built with high levels of redundancy and security. The research by Hugo Teso involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."

The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.

www.forbes.com...


I would imagine these groups would down play any threat.

"certified avionics systems are designed high levels of security" ? Some out there seem to believe that isn't true.

Given the many ways that have been found to crash computers it would not be surprising, to me, that plane systems are vulnerable to being crashed even if complete control isn't possible.



posted on Apr, 12 2013 @ 12:19 PM
link   
No need to worry, they're right on it developing a fix for the situation.


Another not-too-comforting thought by Teso was that many aircraft onboard computers are running outdated software and fail to meet modern safety requirements. While all airplanes are not doomed, they are not exactly safe either. Teso said he’s woorking on the next version of ACARS which will be encrypted. The ACARS successor will roll out over the next 20 years.

Computerworld

Just stay off the planes for the next 20 years while they get it straitened out and you'll be fine.



posted on Apr, 13 2013 @ 06:08 AM
link   
reply to post by roadgravel
 


So.... this looks like a great way to tell Hijackers, 'hey, look at me, i'm an app, you can use me to hijack the plane' etc etc....

This is so silly to put it out there and will just help the hijackers, not deter them.



posted on Apr, 13 2013 @ 07:40 AM
link   
I don't believe he is releasing the app to the public. The intention is to get manufacturers to evaluate the security of their products.



posted on Apr, 13 2013 @ 12:48 PM
link   
SIMON says crash. This brings new meaning to Airplane Mode. One wrong move playing Angry Birds...

So maybe he found out what some secret project government already knew. Those plane specifications are no accident. You think all those engineers would leave such a huge loophole in their designs by accident? There is so much the big aerospace companies think that what they know is a secret. Maybe they left it out to save money, maybe the government ordered them to design a loophole.

I've actually heard of SIMON somewhere before, in the late 1980s I think. It was kind of related to some guys who may have been in a CIA-like brain group. It was originally on a computer, not the Android phone. This is just the Android version of the malicious code being advertised to the world, a scare tactic. Basically it sends bogus signals to the rudders/flaps, bypassing the steering of the plane It may even be able, in theory, to shut down the engines at the back of fighter jets. Don't know how I got the information, maybe it was a daydream. I keep thinking they practiced it on small planes in fields, because in the war on drugs and terrorism, a lot of bad guys use little planes in small airports to get around.

Oh you know those guys have malicious technology for all things, just in case it benefits them. They engineered car keys to be wireless for the government backdoors, it might be claimed. Same with wireless computers, it's hard to determine where the malicious influence came from. Phones themselves are hackable. So with planes, are you surprised?

It gets weird when a bad guy can long-distance hijack someone else's phone to do some dirty things, framing them in terrorism.
edit on 13-4-2013 by Sandalphon because: plane, boat, whatever



posted on Apr, 13 2013 @ 01:14 PM
link   
Sorry, but I have to call BS on this using just a smartphone. ACARS transmits in the airband, so you would have to have an airband transmitter connected to your smartphone, and yes, it is possible, but you don't need a smartphone for that. Any micro controller connected to an airband transmitter can do it, so why single out smartphones?

For that matter, I can spoof the transponder signal of the aircraft, so that the ATC can get totally wrong readings for its height, transponder code, etc. Heck, I can even give the weather radar on the plane totally wrong readings.

And teenagers can blind the pilots of the airplanes by pointing a laser pointer at it. So, why do they make it out as this huge security issue? Just more reason to get the PTB to become totally paranoid about airplane security, which is the biggest bunch of crap in any case.
edit on 13/4/2013 by Hellhound604 because: (no reason given)



posted on Apr, 13 2013 @ 01:15 PM
link   
I think this will be downplayed and very little said about in the near future. It will continue to be a fingers crossed security method.



posted on Apr, 13 2013 @ 01:16 PM
link   
perhaps its designed this way ... intentionally



posted on Apr, 13 2013 @ 01:18 PM
link   


Any micro controller connected to an airband transmitter can do it, so why single out smartphones?


Smart phones are becoming the portable, pocket size computing platform.



posted on Apr, 13 2013 @ 01:20 PM
link   
reply to post by roadgravel
 


No smartphone can transmit in the airband.... bottom line, you need to interface it to an airband transmitter. A smartphone is a very expensive way of doing it. Heck, you can do it for 2US$ using a single chip controller, you don't need a smartphone for it.

But in all likelihood the pilot is more prone to misread his instruments, the pitout tubes are more inclined to freeze shut, ice forming on the wings and jamming the control surfaces are 100000000x more likely to happen, yet you don't worry about that, do you?

Any system based upon 2-way communications, can be intercepted, and the information can be changed. If I hook into your internet system, I can change everything you read or send, heck,I can hook into your cars electronics, and change the commands on the fly. It sort of reminds me of these scares about some hackers being able to hack into biomedical devices, etc.....
edit on 13/4/2013 by Hellhound604 because: (no reason given)



posted on Apr, 13 2013 @ 01:56 PM
link   
reply to post by Hellhound604
 


You missed the point...



posted on Apr, 13 2013 @ 02:51 PM
link   
The exploit relies on the either autopilot system being on, as the only way the plane is going to change direction, speed, or altitude without pilot input is through changing waypoints, or by sending false ATC instructions for the pilots to act on.

If the plane changes its flight path, the natural reaction would be for the pilot to attempt to correct that change. To the best of my knowledge, all autopilots will turn off when sufficient pressure is applied to the controls by the pilot.

Any change in aircraft position that was not directed by ATC would result in a query, via radio, to the pilots from ATC. You can see that in the ATC transcripts from 9/11 when the aircraft deviated from their flight instructions. If the instructions on screen did not make sense to the pilot, he most likely would question ATC via radio.

It isn't like the "hack" gives control of the airplane equivalent to that of an RC airplane.

The biggest danger would be when the airplane is either in a holding pattern or on approach. Yet this would be when a pilot would be most alert.



posted on Apr, 13 2013 @ 04:31 PM
link   

Originally posted by Sandalphon
I've actually heard of SIMON somewhere before, in the late 1980s I think. It was kind of related to some guys who may have been in a CIA-like brain group. It was originally on a computer, not the Android phone. This is just the Android version of the malicious code being advertised to the world, a scare tactic. Basically it sends bogus signals to the rudders/flaps, bypassing the steering of the plane It may even be able, in theory, to shut down the engines at the back of fighter jets. Don't know how I got the information, maybe it was a daydream


I truly don't mean to burst your bubble, but as an electrician/electrical engineer; I know you can't send signals to a plane's wing wirelessly (at least not yet). You'd have to use wire to send the electrical signals to the mini-engine on the device that controls the rudders. The only way that could be true is if you were to have an extremely strong magnetic field acting on the wires. The disruption will cause less current to pass through the wires thus making the plane unable to steer.

To do this in a modern day setting, you'd need access to the plane's wings before take-off, or use an extremely expensive EMF emitter covering a lot of land to produce said magnetic fields.

I will never understand why the government hasn't tried making this weapon yet. It's better than dropping bombs on people. If you want a country to stop moving forward, just stop the people from moving.



posted on Apr, 14 2013 @ 06:25 AM
link   
reply to post by StockLoc
 


Stockloc, this exploit is aimed at the ACARS telemetry system, that transmits/receives diagnostics and other information via either the airband or satellite.

As far as wiring is concerned, and inducing EMF fields in it, that is taken care of by a very stringent spec, DO-160D, which includes lightning strikes (LEMP) and HIRF. The HIRF requirements includes field strengths of 120kV/m directed at the equipment and interconnecting wires. Of course, small planes don't adhere to DO-160D, but modern large airliners do.
edit on 14/4/2013 by Hellhound604 because: (no reason given)





new topics

top topics


active topics

 
13

log in

join