There’s am app for that: Android app can hijack airplanes

There’s am app for that: Android app can hijack airplanes

How much damage can one do with a smartphone? If you’re name is Hugo Teso, the answer is a hell of a lot.

Teso, a trained pilot who’s also a security consultant, attended this year’s Hack in the Box conference and showed off a nifty new app he’s been working on called PlaneSploit. The app, according to Teso, can make commercial airplanes “dance to his tune.”

According to Help Net Security, the app works in tandem with an exploitation framework called SIMON and uses two technologies to gather information about aircrafts and then to send messages to air traffic controllers and aircrafts:

“One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently in the air in their vicinity.

The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.”

Don’t panic. The PlaneSploit is merely a proof of concept. Teso’s whole goal of building and presenting the app was to “bring to light the sorry state of security of aviation computer systems and communication protocol.

Continue reading →


Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read more.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.

Facebook Comments

Disqus Comments