FAA Dismisses Plane Hijack Hack Theory: Report

Dennis Faas's picture

Last week a security researcher based in Europe revealed that, using some hardware and software available on eBay, he was able to develop an application that could be used to remotely control a commercial plane, mid-flight.

That researcher was Germany's Hugo Teso, who demonstrated his trick by producing a special Android app that automated the process of taking control of a plane and then re-directing it.

The app, which is called 'PlaneSploit,' takes advantage of security vulnerabilities in the aviation industry's communications systems. (Source: gawker.com)

Teso said he was working closely with the European Aviation Safety Agency to address the issue.

FAA Says Researcher's System Can't Be Used For Hack

However, it seems the United States' Federal Aviation Administration (FAA) isn't buying the story. Why? Because it says that the PC-based software Teso used to demonstrate the exploit won't work when applied to actual flight hardware.

"The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer," the FAA noted in a statement released late last week.

"The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware." (Source: informationweek.com)

Furthermore, the FAA says that Teso's idea that the exploit could be used to change a plane's flight path is also misguided.

"The described technique cannot engage or control the aircraft's autopilot system ... or prevent a pilot from overriding the autopilot," the FAA said. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

Findings Still Concerning, Security Experts Say

Security experts note that, even though Teso's strategy may fail, it could be used to advance research involving the hacking of flight communications systems.

Teso hasn't yet commented on the FAA's statement, though the company he works for, Germany's N.Runs, said this:

"Our goal is to share the knowledge with the above-mentioned parties so that we can work together to understand the real implications of our findings and try to fix them and to prevent that additional security issues arise on aviation relayed technologies." (Source: informationweek.com)

Rate this article: 
No votes yet