It sounds like something out of a James Bond or a Diehard type-movie, but it is very real. An android app that is designed specifically to lock on to a commercial airliner’s navigation system to change its course, its altitude or speed, or even cause it to crash. Hugo Teso is an analyst at N.Runs AG and a licensed pilot and has developed an Android app, dubbed, “Simon” which uses an exploit framework to attack the autopilot systems of most major commercial airliners. He did this to demonstrate the vulnerability of these systems called Automatic Dependant Surveillance-Broadcast, or ADS-B.
Teso spoke at the Hack in the Box conference in Amsterdam and explained how he could take advantage of the plane’s ADS-B system by breaking into the communication link between the plane and air traffic controllers to feed false information into the plane and potentially create another terrorist attack. He said that it took three years to build the “Simon” framework which used real-time information from Flightsradar24 and some easily attainable Flight Management System hardware.
In the virtual demonstration he conducted, he showed that he could send the command to the plane “visit ground” using the app and radio signals whereupon he could change the plane’s course, it’s speed or intentionally cause a crash. The reportedly ‘good’ news from this is that as of right now, this hacking system is limited. As of right now, this hack can only be accomplished virtually. The distance is also limited to the distance that the plane is from the antennae range of the device being used to hack it.
Other limitations on this include the fact that this only affects the plane’s autopilot function. If a pilot determines that the system has been compromised, a simple switch to manual control will end the vulnerability. That being said, there is no way for a plane to currently check the validity of data transmitted. New tech advances like the Simon bring new ways for terrorists to wreak havoc on the world.
You can follow any responses to this entry through the RSS 2.0 feed.
Leave your comment