Email
Password
Remember meForgot password?
    Log in with Twitter

article imageHugo Teso: Commercial aircraft vulnerable to ground-based hackers

By Doug Gundy     Apr 12, 2013 in Technology
Amsterdam - A chilling presentation at the Hack In The Box security conference this week demonstrated how commercial aircraft can be hijacked remotely by ground-based hackers and commanded to crash using a smartphone application.
Mr. Teso, a former pilot and currently an aviation security expert presented how vulnerabilities in two separate avionic systems, the Automatic Dependent Surveillance-Broadcast (ADSB) and the Aircraft Communications Addressing and Reporting System (ACARS) could be exploited to gain remote control of an aircraft’s Flight Management System (FMS). Help Net Security, who attended the presentation, reports that Mr. Teso demonstrated how potential hackers could trigger alarms, redirect the aircraft, or make the aircraft seemingly disappear to ground-based air traffic controllers. Furthermore, it was stated that the aircraft could even be controlled through the physical motions of a smartphone using Mr. Teso's app.
Mr. Teso described that the level of security on these systems as ‘none at all’ and demonstrated his approach using avionic test equipment and computers he purchased from eBay. Both the Federal Aviation Authority (FAA) the European Aviation Safety Association (EASA) have claimed that the technique does not pose a flight safety risk stating that the equipment used by Mr. Teso in his presentation was not flight certified hardware.
However, Mr. Teso’s presentation emphasizes that the equipment used was nearly identical to actual aircraft systems and that the key vulnerability is a lack of data encryption. As reported by Forbes, N.Runs, an IT consultancy located in Germany and Mr Teso’s employer, states that the vulnerabilities exposed weren't related to the PC version he was testing and that it would work with a minimum of adaption on real planes.
Mr. Teso and N.Runs are currently working with aviation authorities and avionics manufacturers to address the identified vulnerabilities.
More about Aircaft, Airlines, FAA, Hackers, Security