Hackers Could Hijack Planes, Security Expert Warns

Dennis Faas's picture

A security researcher is warning that vulnerabilities in the aviation industry's communications systems could allow a hacker to take control of an airplane mid-flight.

German security consultant Hugo Teso recently presented his research on the aviation industry's security vulnerabilities at the 'Hack in the Box' conference in Amsterdam. (Source: cnn.com)

Teso, who held a commercial pilot license for more than a decade, spent three years examining the aviation industry's security systems. He found a staggering number of vulnerabilities, particularly in a system known as ADS-B, or automatic dependent surveillance-broadcast.

This technology is frequently employed for tracking aircraft.

Another problem affected ACARS, or Aircraft Communications Addressing and Reporting System. This datalink platform is used to send messages between aircraft and ground-based control centers.

Researcher Easily Acquires Necessary Hardware, Software

Teso says that a serious lack of security protecting these systems could be easily exploited by sophisticated hackers.

To prove his point, Teso acquired (mostly through eBay and other accessible vendors) the software and hardware tools used by the aviation industry.

Teso says that by using these tools he found that he could exploit flaws in the aviation industry's flight management systems and manipulate in-flight navigation features.

By using the hardware and software he easily acquired, Teso insists a hacker with knowledge of the aviation industry could potentially hack into critical systems used by flight teams or ground service control centers.

Android App Automates Hacking Process

To really demonstrate just how vulnerable aviation security systems are, Teso built a special Android application called PlaneSploit that automates an entire attack.

Upon being initiated, PlaneSploit finds planes, exploits security vulnerabilities, and then manipulates key settings, including flight path.

Teso noted that such activity would probably alert the authorities, who could use the hack to search for and find a culprit. However, that won't be much comfort to many travelers.

For now, Teso says he's working with the European Aviation Safety Agency to address these issues.

"They haven't denied the issues, they listened to us and they offered resources," he said. "They're trying to help us to take this research on a real plane." (Source: computerworld.com)

Rate this article: 
No votes yet