How much damage can one do with a smartphone? If you’re name is Hugo Teso, the answer is a hell of a lot.
Teso, a trained pilot who’s also a security consultant, attended this year’s Hack in the Box conference and showed off a nifty new app he’s been working on called PlaneSploit. The app, according to Teso, can make commercial airplanes “dance to his tune.”
According to Help Net Security, the app works in tandem with an exploitation framework called SIMON and uses two technologies to gather information about aircrafts and then to send messages to air traffic controllers and aircrafts:
“One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently in the air in their vicinity.
The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.”
Don’t panic. The PlaneSploit is merely a proof of concept. Teso’s whole goal of building and presenting the app was to “bring to light the sorry state of security of aviation computer systems and communication protocol.