A Mile-High Hack: An App That Could Remotely Hijack Planes | WAMU 88.5 - American University Radio

NPR : News

Filed Under:

A Mile-High Hack: An App That Could Remotely Hijack Planes

The Federal Aviation Administration continues work on its multibillion-dollar upgrade to the nation's air traffic control system, but it may not be enough to stop hackers from taking control of airplanes with a smartphone.

That's the warning from pilot and IT consultant Hugo Teso, who demonstrated how easy it would be to exploit traffic control systems at the Hack In The Box security conference in Amsterdam this week. To the fascination of those in attendance and following on Twitter, Teso demonstrated a remote attack on a virtual air control system by using a radio transmitter, flight code software and an app he designed for his Android smartphone.

Help Net Security reports:

"The application, fittingly named PlaneSploit, sports a clean and simple interface, but is packed full with features. This is a remarkable example of technology evolution - ten years ago we barely had phones with a color screen, today we can use them to hack aircrafts.

"PlaneSploit uses the Flightradar24 live flight tracker and you can tap on any airplane found in range. When talking about the range, please keep in mind that we are talking about a proof-of-concept application used in a virtual environment."

Taso, who considered it too unethical to hack an actual jet in flight for his presentation, used the demo to sound the alarm to the FAA and others that even the agency's Next Generation Air Transportation System currently in development is vulnerable.

NextGen will keep tabs on every plane in U.S. airspace using GPS technology instead of a traditional radar, and comes with a price tag in the tens of billions of dollars. But Taso suggests even the new system could be compromised with the right expertise and software framework.

To find targets, Teso exploited an existing communications system that sends information about each aircraft with an onboard transmitter. Then, using the Aircraft Communications Addressing and Reporting System, ACARS, he broke into a virtual airplane's onboard computer system and uploaded spoofed, malicious messages that affected the "behavior" of the plane.

Pilots could regain control of their planes with analog instruments, since attacks of this kind only work when planes are in auto-pilot, reports Help Net. But few modern planes have analog instruments anymore, and, Teso said, pilots would have to notice the plane's computer was taken over to correct the problem.

-- h/t Steve Henn

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

WAMU 88.5

Key Civil War Generals The Subject Of New Smithsonian Exhibit

A new exhibit at the Smithsonian's National Portrait Gallery focuses on Civil War generals Ulysses S. Grant and Robert E. Lee.
NPR

Is Foster Farms A Food Safety Pioneer Or A Persistent Offender?

The California chicken producer has been dogged by food safety problems at its plants for months. But Foster Farms may also now be one of the country's cleanest, safest sources of chicken products.
NPR

Congress Has The Ability To Fix Immigration Crisis, Obama Says

His remarks in Dallas followed a meeting with faith leaders and local officials, including Gov. Rick Perry, to discuss the large number of unaccompanied minors at the border.
NPR

What Burritos And Sandwiches Can Teach Us About Innovation

Is a burrito a sandwich? The answer may sound simple to you ... but the question gets at the very heart of a tension that's existed for ages.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.