Hijacking an Aircraft with a Simple Android App PlaneSploit
A malicious hacker is a threat to everybody. He uses his superior intellect to wreak havoc just for fun. Imagine if such a person is able to simply take over the control of an airplane just by using an Android app. Sounds like the opening scene of a Hollywood movie doesn’t it? In real life, a German security expert recently presented an Android app that can control an airplane using an Android app. PlaneSploit is an Android app that can interact with the plane’s FMS or Flight Management Systems.
At a recent security conference in Amsterdam, the Spanish security researcher, Hugo Teso, showcased the app. PlaneSploit takes advantage of a minor flawed protocol that transmits data from the ground to commercial airplanes. This protocol has been found vulnerable to attack from the app by Teso. In other words, A hacker armed with this app turns into a terrifying hijacker. The vulnerable protocol is a regular data exchange system known as ACARS. The software for these systems has been provided by companies like Thales, Rockwell Collins and Honeywell. The app exploits flaws in the protocol and certain bugs in the software to assume control over the system.
The PlaneSploit app detects the communicating radio signals and sends its own malicious signals along with them. The app uses an exploit framework, named SIMON, created by Teso to begin communications with the plane’s FMS. The hubris of the ACARS is that it has negligible authentication protocols which render it difficult for the plane to distinguish between signals from the ground station and a hacker. Teso used simulation aircraft training software to showcase his app’s potential. However, authorities from the FAA (Federal Aviation Administration) and Honeywell have debunked these claims as being impractical in real life.
The FAA commented on the presentation and stated that the app poses no credible threat to flight safety. FAA remarks that while the app may have been to gain control over the simulation software, certified flight hardware may be much more difficult to penetrate. The FAA has rejected the possibility of a hacker gaining undue control over an aircraft. Even Honeywell quipped in with statements that Teso’s app poses no credible danger to real-life aircraft FMS which have greater protection against corrupting or overwriting of software.
However, it may be interesting to note that while the software is in place to guide the plane, the crew has control over the aircraft in the end. And any suspicious activity that they detect can be immediately put to an end by simply disabling the autopilot and taking charge manually. Even with minor adjustments made to the app to suit real world aircraft, a hacker may not be able to gain complete control of a craft. The maximum extent of the hackers control may be to alarm the passengers by suddenly dropping the pressured air masks. The hack in itself may be impractical at the moment, but the flaws it has exposed may pose a larger threat at some point in the future. FAA needs to some damage control to prevent any such exploitable flaws.
Like us on Facebook
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- OpenLDAP Installation and Configuration in Ubuntu 12.10/13.04/13.10 And Debian 6/7 : OpenLDAP is a free open source Light Weight Directory Access protocol developed by the OpenLDAP proj...0 comments |
- Configure Your Browser To Use Tor On Ubuntu/Debian/Linux Mint : Tor, The Onion Router, is a network of Virtual Tunnels that allows users to communicate securely and...2 comments |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- Install lamp with 1 command in Ubuntu 12.10, 13.04 Raring Ringtail & LinuxMint13 : Updated: 10/09/2012 :LAMP (Linux, Apache, MySQL and PHP) is an open source Web development platform ...0 comments |
- Setup A Full Featured ITIL Management System Using Integria IMS On CentOS 6 : Integria IMS is a fully featured ITIL management system, featuring a ticketing system, inventory/C...1 comment |
- Twelve Vulnerabilities Have Been Fixed In Ubuntu 12.04, Time To Update
- OpenLDAP Installation and Configuration in Ubuntu 12.10/13.04/13.10 And Debian 6/7
- Configure Your Browser To Use Tor On Ubuntu/Debian/Linux Mint
- Setup A Full Featured ITIL Management System Using Integria IMS On CentOS 6
- Install LibreOffice 4.1.3 in Elementary OS ‘Luna’
- How To Install Simple Scan in Crunchbang ‘Waldorf’
- Selene Media Encoder: Convert Audio, Video Files To Most Popular Formats
- Linux Kernel 3.12.2 Is Available For Download! Install / Upgrade Instructions
- CentOS 6.5 Has Been Officially Released!
- Format Junkie: Convert Media Files To All Popular Formats
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .