(CNN) -- Could this be the deadliest smartphone app ever?
A German security consultant,
who's also a commercial pilot, has demonstrated tools he says could be used to
hijack an airplane remotely, using just an Android phone.
Speaking at the Hack in the
Box security summit in Amsterdam, Netherlands, Hugo Teso said Wednesday that
he spent three years developing SIMON, a framework of malicious code that could
be used to attack and exploit airline security software, and an Android app to
run it that he calls PlaneSploit.
Using a flight simulator, Teso
showed off the ability to change the speed, altitude and direction of a virtual
airplane by sending radio signals to its flight-management system. Current
security systems don't have strong enough authentication methods to make sure
the commands are coming from a legitimate source, he said.
"You can use this system to
modify approximately everything related to the navigation of the plane," Teso told Forbes after his presentation. "That includes a lot of
nasty things."
He told the crowd that the
tools also could be used to do things like change what's on a pilot's display
screen or turn off the lights in the cockpit. With the Android app he created,
he said, he could remotely control a plane by simply tapping preloaded commands
like "Please Go Here" and the ominous "Visit Ground."
The Federal Aviation
Administration said it is aware of Teso's claims, but said the hacking technique
does not pose a threat on real flights because it does not work on certified
flight hardware.
"The described technique cannot
engage or control the aircraft's autopilot system using the (Flight Management
System) or prevent a pilot from overriding the autopilot," the FAA said.
"Therefore, a hacker cannot obtain 'full control of an aircraft' as the
technology consultant has claimed."
Teso says he developed SIMON in
a way that makes it work only in virtual environments, not on actual
aircraft.
But the risk is there, some
experts say.
"His testing laboratory
consists of a series of software and hardware products, but the connection and
communication methods, as well as ways of exploitation, are absolutely the same
as they would be in an actual real-world scenario," analysts at Help Net
Security wrote in a blog
post.
Teso told the crowd that he
used flight-management hardware that he bought on eBay and publicly available
flight-simulator software that contains at least some of the same computer
coding as real flight software.
Analyst Graham Cluley of
Sophos Security said it's unclear how devastating Teso's find would be if
unleashed on an airplane in flight.
"No one else has had an
opportunity to test this researcher's claims as he has, thankfully, kept secret
details of the vulnerabilities he was able to exploit," Cluley said. "We are
also told that he has informed the relevant bodies, so steps can be taken to
patch any security holes before someone with more malicious intent has an
opportunity to exploit them."
Teso said at the summit that
he's reached out to the companies that make the systems he exploited and that
they were receptive to addressing his concerns. He also said he's contacted
aviation safety officials in the United States and Europe.
"From the sound of things,
this researcher has got himself a lot of media attention, but still believes in
responsible disclosure, rather than potentially putting aircraft and passengers
at risk," Cluley said.
Teso isn't the first so-called
"white hat" hacker to expose what appear to be holes in air-traffic
security.
Last year, at the Black Hat security conference in Las Vegas, computer
scientist Andrei Costin discussed weaknesses he said he found in a new U.S.
air-traffic security system set to roll out next year. The flaws he found
weren't instantly catastrophic, he said, but could be used to track private
airplanes, intercept messages and jam communications between planes and
air-traffic control.