Mr. Teso, a former pilot and currently an aviation security expert, presented how vulnerabilities in two separate avionic systems, the Automatic Dependent Surveillance-Broadcast (ADSB) and the Aircraft Communications Addressing and Reporting System (ACARS), could be exploited to gain remote control of an aircraft’s Flight Management System (FMS). Help Net Security, who attended the presentation, reports that Mr. Teso demonstrated how potential hackers could trigger alarms, redirect the aircraft, or make the aircraft seemingly disappear to ground-based air traffic controllers. Furthermore, it was stated that the aircraft could even be controlled through the physical motions of a smartphone using Mr. Teso's app.
Mr. Teso described the level of security on these systems as ‘none at all’ and demonstrated his approach using avionic test equipment and computers he purchased from eBay. Both the Federal Aviation Authority (FAA) and the European Aviation Safety Association (EASA) have claimed that the technique does not pose a flight safety risk, stating that the equipment used by Mr. Teso in his presentation was not flight certified hardware.
However, Mr. Teso’s presentation emphasized that the equipment used was nearly identical to actual aircraft systems and that the key vulnerability is a lack of data encryption. As reported by Forbes, N.Runs, an IT consultancy located in Germany and Mr. Teso’s employer, states that the vulnerabilities exposed weren't related to the PC version he was testing and that it would work with a minimum of adaptation on real planes.
Mr. Teso and N.Runs are currently working with aviation authorities and avionics manufacturers to address the identified vulnerabilities.