The Hack in the Box (HITB) security conference is held annually in Amsterdam and Kuala Lumpur. This year’s conference featured an interesting talk by Hugo Teso, a security constultant at N.Runs AG in Germany. Teso, who is also a commercial pilot demonstrated a way by which an airplane can be hijacked using an Android application that abuses the vulnerabilities in flight system software. The researcher provides basic background information of the software here.
The proof of concept (PoC) exploit consists a the SIMON framework and PlaneSploit, an android application. The lab also included the open source software defined radio GNU Radio which inspires a lot of creative projects.
With the PoC code, Teso was able to control nearly everything related to aircraft navigation. Targets of the research included Automatic Dependent Surveillance-Broadcast (ADS-B) system and Aircraft Communications Addressing and Reporting System (ACARS).
ADS-B updates ground controllers about the aircraft’s position. The data rate over the system is 1 Mb/s. The research included passive eavesdropping on the aircraft’s communications and actively intercepting broadcasts. ACARS provides a communication relay between pilots and ground controllers. Teso’s demonstration redirected the aircraft’s navigation systems to different map co-ordinates using a Samsung Galaxy handset.
According to Teso, pilots can always override the automatic systems. But this can be subverted to deliver mayhem in the hands of a hijacker. The results of Teso’s research have already been submitted to the Federal Aviation Administration and the European Aviation Safety Administration for pre-emptive action.