Researcher Hugo Tesa has demonstrated an Android application that is apparently able to ‘hack’ the course of of a commercial airliner, the result of three years of reverse engineering flight navigation software.
The demo took place at the Hack in the Box security conference in Amsterdam where Tesa demonstrated the custom-created PlaneSploit app, which was working on a virtual aircraft, which exploits security weaknesses in software that is used to send messages and data to planes. At risk is the Aircraft Communications Addressing and Report System, as well as others, because the software has “virtually no authentication features to prevent spoofed commands.”
Reported in Forbes, representatives from the aviation industry have commented saying that the exploit, which attacks ACARS with false data, would not work on actual commercial airliners. The FAA said “The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain “full control of an aircraft” as the technology consultant has claimed.”
The folks at N. Runs, where Tesa is employed, are not so sure. Honeywell, one of the aviation companies concerned, are on record as saying that they are taking the claims seriously. At least the application won’t be seeing the inside of Google’s Play Store any time soon.
Source: Ars Technica