Aircraft can be hijacked or even crashed using an app running on a smartphone, a security researcher has claimed.
Hugo Teso, who is also a qualified pilot, claims to have developed an app for Android phones that could change the altitude, speed and direction of commercial aircraft in flight, reports the Telegraph.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The app was developed using aircraft computers and software acquired from eBay, he said in a presentation to the Hack In The Box security conference in Amsterdam.
The PlaneSploit app is designed to exploit vulnerabilities in flight management systems (FMS) and a protocol used to transmit data to commercial aircraft.
Teso said he could take over a plane by sending it malicious radio signals using an exploit framework and the PlaneSploit app that can communicate with flight management systems in aircraft.
He has alerted the US Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA) to his discovery.
Teso said he could take over a plane by sending it malicious radio signals using an exploit framework and the PlaneSploit app that can communicate with flight management systems in aircraft
Teso told Forbes he is also working with Thales, Honeywell and Rockwell Collins, three of the companies whose products he was able to manipulate.
However, the EASA said in a statement that Teso’s demonstration in Amsterdam had been based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems.
“There are major differences between a PC-based training FMS software and an embedded FMS software,” the statement said.
The version of FMS used on flight decks was hardened to avoid many of the loopholes found in the training systems, the EASA said.
The FAA said it was aware of Teso's presentation, but the hacking technique he described did not pose a flight safety concern because it does not work on certified flight hardware.
"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot," the FAA statement said.
Teso, who is investigating other potential attack methods, said there was little risk that malicious hackers would be able to use what he found, according to the BBC.
He said attackers would need to have a solid knowledge of aviation and its protocols, which were not easy to get.