Friday, 12 April 2013

Possibility to hijack a plane with android app-HUGO TESO

Imagine the kind of chaos a malicious hacker could cause if he or she were able to take over an airplane simply using android phone. with a tap of his or her fingers, the hacker could arbitrarily control the plane remotely and redirect its path. Does it sound like a Hollywood movie plan,think again, because that's exactly the scenario a German security researcher laid out on Wednesday at a
conference in Amsterdam.

Hugo Teso, a security researcher for the German IT consultancy firm — he is a trained commercial pilot as well — explained at the Hack in the Box security conference that a protocol used to transmit data to commercial airplanes can be hacked, turning the hacker into a full-fledged hijacker.

The flawed protocol is a data exchange system called Aircraft Communications Addressing and Report System, or ACARS. Exploiting its flaws, as well as the bugs found in flight management software made by companies like Honeywell, Thales, and Rockwell Collins, Teso maintains he can take over a plane by sending it his own malicious radio signals. To do that, he has created an exploit framework, codenamed SIMON, and an Android app called PlaneSploit that can communicate with the airplanes' Flight Management Systems (FMS). 

The key to Teso's hack is that ACARS doesn't have any encryption or authentication features, so the plane can't distinguish between signals that are coming from a hacker or an airport's ground station. That way, he or she could potentially send spoofed malicious signals to affect the behavior of the plane. 
Authorities like the Federal Aviation Administration (FAA), as well as Honeywell, however, don't believe his hack could be reproduced in real life.  

Honeywell says,"As Teso readily admits, the version he used of our flight management system is a publicly available PC simulation, and that doesn’t have the same protections against overwriting or corrupting as our certified flight software".

Even if Teso's hack proves not to be reproducible on real planes, some of the flaws he exposed could still cause issues. And this is not the first time security researchers and hackers have exposed serious flaws in modern aviation systems.

Hope you guys liked the article.Please let me know your views below :)

No comments:

Post a Comment