It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
A German security consultant, who's also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely, using just an Android phone.
Speaking at the Hack in the Box security summit in Amsterdam, the Netherlands, Hugo Teso said Wednesday that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit.
Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. Current security systems don't have strong enough authentication methods to make sure the commands are coming from a legitimate source, he said.
"His testing laboratory consists of a series of software and hardware products, but the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario," analysts at Help Net Security wrote in a blog post.
Rockwell Collins: “”Today’s certified avionics systems are designed and built with high levels of redundancy and security. The research by Hugo Teso involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."
The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.
Another not-too-comforting thought by Teso was that many aircraft onboard computers are running outdated software and fail to meet modern safety requirements. While all airplanes are not doomed, they are not exactly safe either. Teso said he’s woorking on the next version of ACARS which will be encrypted. The ACARS successor will roll out over the next 20 years.
Any micro controller connected to an airband transmitter can do it, so why single out smartphones?
Originally posted by Sandalphon
I've actually heard of SIMON somewhere before, in the late 1980s I think. It was kind of related to some guys who may have been in a CIA-like brain group. It was originally on a computer, not the Android phone. This is just the Android version of the malicious code being advertised to the world, a scare tactic. Basically it sends bogus signals to the rudders/flaps, bypassing the steering of the plane It may even be able, in theory, to shut down the engines at the back of fighter jets. Don't know how I got the information, maybe it was a daydream