Airplane Takeover Demonstrated Via Android App

Published : 22/11/2024   Category : security




Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.



The avionics systems used in some commercial aircraft are vulnerable to being fed bogus data, which would allow an attacker to take control of navigation systems, relay fake information to pilots' displays and adjust other systems, such as deploying oxygen masks for passengers.
That warning was delivered by Hugo Teso, a researcher at security consultancy N.Runs in Germany who's also a commercial airline pilot, at this week's Hack In The Box conference in Amsterdam.
Using an Android application he developed, dubbed PlaneSploit, Teso employed a Samsung Galaxy smartphone to demonstrate how he could adjust the heading, altitude and speed of a virtual airplane by sending it false navigation data. "You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."
But Teso added that even if a plane did receive and act on spoofed navigation data, a pilot would be able to override the automated controls and take direct control of the aircraft.
According to Teso's Hack In The Box presentation, his research goal has been to successfully exploit an aircraft's flight management system (FMS), which is the computer-human interface in a plane that is used for navigation, flight planning, performance computations and related activities. So for the past three years, he's been auditing code and testing for FMS vulnerabilities using hardware and software from Honeywell, Rockwell Collins and Thales, procured largely via eBay.
The vulnerabilities he exploited in his presentation relate to ACARS (Aircraft Communications Addressing and Reporting System), which is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite, he said in a blog post previewing his presentation. Notably, ACARS messages aren't authenticated, and thus could be spoofed. "ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," Teso said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."
Teso hasn't publicly detailed the precise vulnerabilities he used to craft his attack code, which he dubbed SIMON, but said he's disclosed the flaws to the Federal Aviation Administration and the European Aviation Safety Administration (EASA), as well as to businesses in the aerospace industry that may be affected.
Honeywell spokesman Scott Sayres said that his company is already working with N.Runs to review Teso's research, but downplayed the real-world implications. "If we talk very generically -- not just about Honeywell software -- PC FMS software is normally available as an online pilot training aid," Sayres said via phone. In other words, what Teso did was hack a PC-based training version of FMS that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft.
EASA said that it's been in contact with Teso, but likewise emphasized that training software isn't the same as certified flight software. "This presentation was based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems," said spokesman Jeremie Teahan via email. "There are major differences between PC-based training FMS software and embedded FMS software. In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software."
"For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software," he said.
An FAA official said the agency plans to release a related statement later today.
