Hijacking an Aircraft with a Simple Android App PlaneSploit
A malicious hacker is a threat to everybody. He uses his superior intellect to wreak havoc just for fun. Imagine if such a person is able to simply take over the control of an airplane just by using an Android app. Sounds like the opening scene of a Hollywood movie doesn’t it? In real life, a German security expert recently presented an Android app that can control an airplane using an Android app. PlaneSploit is an Android app that can interact with the plane’s FMS or Flight Management Systems.
At a recent security conference in Amsterdam, the Spanish security researcher, Hugo Teso, showcased the app. PlaneSploit takes advantage of a minor flawed protocol that transmits data from the ground to commercial airplanes. This protocol has been found vulnerable to attack from the app by Teso. In other words, A hacker armed with this app turns into a terrifying hijacker. The vulnerable protocol is a regular data exchange system known as ACARS. The software for these systems has been provided by companies like Thales, Rockwell Collins and Honeywell. The app exploits flaws in the protocol and certain bugs in the software to assume control over the system.
The PlaneSploit app detects the communicating radio signals and sends its own malicious signals along with them. The app uses an exploit framework, named SIMON, created by Teso to begin communications with the plane’s FMS. The hubris of the ACARS is that it has negligible authentication protocols which render it difficult for the plane to distinguish between signals from the ground station and a hacker. Teso used simulation aircraft training software to showcase his app’s potential. However, authorities from the FAA (Federal Aviation Administration) and Honeywell have debunked these claims as being impractical in real life.
The FAA commented on the presentation and stated that the app poses no credible threat to flight safety. FAA remarks that while the app may have been to gain control over the simulation software, certified flight hardware may be much more difficult to penetrate. The FAA has rejected the possibility of a hacker gaining undue control over an aircraft. Even Honeywell quipped in with statements that Teso’s app poses no credible danger to real-life aircraft FMS which have greater protection against corrupting or overwriting of software.
However, it may be interesting to note that while the software is in place to guide the plane, the crew has control over the aircraft in the end. And any suspicious activity that they detect can be immediately put to an end by simply disabling the autopilot and taking charge manually. Even with minor adjustments made to the app to suit real world aircraft, a hacker may not be able to gain complete control of a craft. The maximum extent of the hackers control may be to alarm the passengers by suddenly dropping the pressured air masks. The hack in itself may be impractical at the moment, but the flaws it has exposed may pose a larger threat at some point in the future. FAA needs to some damage control to prevent any such exploitable flaws.
Like us on Facebook
We need your assistance to stay live
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- Fedora 21 Scheduled For Release In October : For Fedora users, just keep calm and use Fedora 20 for now. Fedora Developers has announced that F...1 comment |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- Install lamp with 1 command in Ubuntu 12.10, 13.04 Raring Ringtail & LinuxMint13 : Updated: 10/09/2012 :LAMP (Linux, Apache, MySQL and PHP) is an open source Web development platform ...0 comments |
- Install LAMP Server (Apache, MySQL or MariaDB, PHP) On Ubuntu 13.10 : Updated January 12, 2014 LAMP is a combination of operating system and open-source software stack. ...0 comments |
- How to Install uTorrent Client on Ubuntu/Debian/Linux Mint : uTorrent is a lightweight and efficient BitTorrent client for Linux, Windows OS and Mac OS. The inst...0 comments |
- Fedora 21 Scheduled For Release In October
- Install Uget Download Manager In Ubuntu, Fedora, Debian
- Download Elementary OS ‘Luna’ Official Wallpapers
- Install Power Commands 0.1.5 On Ubuntu 14.04/13.10/12.10/12.04
- 5 Android Apps that’s Going to Make Running Your Business Less Stressful
- Puppet agent Install Using Script
- Install Corosync and Pacemaker On CentOS 6.5
- Install Fail2Ban On Ubuntu Server 13.04/13.10
- How To Install Google Chrome in Fedora 20, 19, 18
- How to surf using Tor Browser Bundle
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .