The hacker who claims he can crash your plane
"You can use this system to modify approximately everything related to the navigation of the plane... that includes a lot of nasty things"
Hugo Teso, a security researcher from German consultancy agency N.Runs, claims he can hijack an airplane's navigation systems using a smartphone app, radio transmitter, and flight software he purchased off eBay.
Speaking at this week's Hack in the Box conference in Amsterdam, Tesso "employed a Samsung Galaxy smartphone to demonstrate how he could adjust the heading, altitude, and speed of a virtual airplane by sending it false navigation data," reports InformationWeek.
"You can use this system to modify approximately everything related to the navigation of the plane," Teso tells Forbes. "That includes a lot of nasty things."
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The smartphone app he developed, nicknamed PlaneSploit, takes advantage of a plane's Aircraft Communications Addressing and Report System (ACARS), which uses short transmissions to beam data between aircraft and satellites. The problem, says Teso, is that "ACARS has no security at all." Anyone can transmit fake data to alter an aircraft's trajectory.
What kind of damage are we talking about, exactly? Here's Computerworld with the rundown:
Honeywell, one of the aerospace companies behind the ACARS system, says that it is taking the alleged exploit very seriously, and confirmed that it's been in talks with N.Runs to review Teso's research. However, a Honeywell spokesperson says Teso's ability to commandeer an aircraft remotely may be overblown.
The software is "normally available as an online pilot training aid," a Honeywell rep tells InformationWeek. "In other words, what Teso did was hack a PC-based training version of [the flight management system] that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft."
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Teso says his firm has alerted the Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA), and is working with them to fix the vulnerabilities.
Create an account with the same email registered to your subscription to unlock access.
-
Why is Tesla stumbling?
In the Spotlight More competition, confusion about the future and a giant pay package for Elon Musk
By Joel Mathis, The Week US Published
-
How Taylor Swift changed copyright negotiations in music
under the radar The success of Taylor's Version rerecordings has put new pressure on record labels
By Theara Coleman, The Week US Published
-
Job scams are increasingly common. Here's what to look out for.
The Explainer You should never pay for an application or give out your personal info before being hired
By Becca Stanek, The Week US Published