A Mile-High Hack: An App That Could Remotely Hijack Planes | WAMU 88.5 - American University Radio

NPR : News

Filed Under:

A Mile-High Hack: An App That Could Remotely Hijack Planes

The Federal Aviation Administration continues work on its multibillion-dollar upgrade to the nation's air traffic control system, but it may not be enough to stop hackers from taking control of airplanes with a smartphone.

That's the warning from pilot and IT consultant Hugo Teso, who demonstrated how easy it would be to exploit traffic control systems at the Hack In The Box security conference in Amsterdam this week. To the fascination of those in attendance and following on Twitter, Teso demonstrated a remote attack on a virtual air control system by using a radio transmitter, flight code software and an app he designed for his Android smartphone.

Help Net Security reports:

"The application, fittingly named PlaneSploit, sports a clean and simple interface, but is packed full with features. This is a remarkable example of technology evolution - ten years ago we barely had phones with a color screen, today we can use them to hack aircrafts.

"PlaneSploit uses the Flightradar24 live flight tracker and you can tap on any airplane found in range. When talking about the range, please keep in mind that we are talking about a proof-of-concept application used in a virtual environment."

Taso, who considered it too unethical to hack an actual jet in flight for his presentation, used the demo to sound the alarm to the FAA and others that even the agency's Next Generation Air Transportation System currently in development is vulnerable.

NextGen will keep tabs on every plane in U.S. airspace using GPS technology instead of a traditional radar, and comes with a price tag in the tens of billions of dollars. But Taso suggests even the new system could be compromised with the right expertise and software framework.

To find targets, Teso exploited an existing communications system that sends information about each aircraft with an onboard transmitter. Then, using the Aircraft Communications Addressing and Reporting System, ACARS, he broke into a virtual airplane's onboard computer system and uploaded spoofed, malicious messages that affected the "behavior" of the plane.

Pilots could regain control of their planes with analog instruments, since attacks of this kind only work when planes are in auto-pilot, reports Help Net. But few modern planes have analog instruments anymore, and, Teso said, pilots would have to notice the plane's computer was taken over to correct the problem.

-- h/t Steve Henn

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

WAMU 88.5

Art Beat With Lauren Landau, July 22

This weekend you can see two classic operas about sex, jealousy and drama or sit down for a children’s theater performance that takes a lighter look at love.

WAMU 88.5

Two Chicken Megafarms Proposed In Delaware

Delaware is already a big state for the poultry industry, but proposals for two new megafarms could take things to the next level.

WAMU 88.5

Transportation Secretaries Past And Present Sign Open Letter To Congress

Congress keeps kicking the transportation funding plan down the road, which has prompted a group of 11 former federal transportation secretaries along with Secretary Anthony Foxx, to call for long-term investment in infrastructure.

NPR

North Korea Is Not Pleased: Dance Video Features Kim Jong Un

Citing a threat to the leader's dignity, North Korea reportedly asks China to block a video that inserts Kim Jong Un's image into bizarre situations, all set to a bouncy dance track.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.