NPR : News

Filed Under:

A Mile-High Hack: An App That Could Remotely Hijack Planes

The Federal Aviation Administration continues work on its multibillion-dollar upgrade to the nation's air traffic control system, but it may not be enough to stop hackers from taking control of airplanes with a smartphone.

That's the warning from pilot and IT consultant Hugo Teso, who demonstrated how easy it would be to exploit traffic control systems at the Hack In The Box security conference in Amsterdam this week. To the fascination of those in attendance and following on Twitter, Teso demonstrated a remote attack on a virtual air control system by using a radio transmitter, flight code software and an app he designed for his Android smartphone.

Help Net Security reports:

"The application, fittingly named PlaneSploit, sports a clean and simple interface, but is packed full with features. This is a remarkable example of technology evolution - ten years ago we barely had phones with a color screen, today we can use them to hack aircrafts.

"PlaneSploit uses the Flightradar24 live flight tracker and you can tap on any airplane found in range. When talking about the range, please keep in mind that we are talking about a proof-of-concept application used in a virtual environment."

Taso, who considered it too unethical to hack an actual jet in flight for his presentation, used the demo to sound the alarm to the FAA and others that even the agency's Next Generation Air Transportation System currently in development is vulnerable.

NextGen will keep tabs on every plane in U.S. airspace using GPS technology instead of a traditional radar, and comes with a price tag in the tens of billions of dollars. But Taso suggests even the new system could be compromised with the right expertise and software framework.

To find targets, Teso exploited an existing communications system that sends information about each aircraft with an onboard transmitter. Then, using the Aircraft Communications Addressing and Reporting System, ACARS, he broke into a virtual airplane's onboard computer system and uploaded spoofed, malicious messages that affected the "behavior" of the plane.

Pilots could regain control of their planes with analog instruments, since attacks of this kind only work when planes are in auto-pilot, reports Help Net. But few modern planes have analog instruments anymore, and, Teso said, pilots would have to notice the plane's computer was taken over to correct the problem.

-- h/t Steve Henn

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

WAMU 88.5

Verdine White On 45 Years With Earth, Wind & Fire

Forty-five years ago, the band “Earth, Wind and Fire” introduced audiences to a new kind of funk--one that fused soul, jazz, Latin and pop. Bassist Verdine White talks to guest host Derek McGinty about breaking racial boundaries in music and how the band is still evolving.

NPR

The Case Against The Shirley Temple (The Drink)

Author and cocktail enthusiast Wayne Curtis wrote an article called "Shirley Temples Are Destroying America's Youth." He talks about why he hates Shirley Temples — the drink, not the person.
WAMU 88.5

What's Ahead At The Democratic National Convention

The Democratic National Convention gets underway in Philadelphia, where Hillary Clinton will accept the presidential nomination.

NPR

Experimental Plane Sets Off On Final Leg Of Its Round-The-World Journey

It's the first time for a solar-powered plane to circumnavigate the globe. Now it's en route to Abu Dhabi, United Arab Emirates — and you can watch the journey in a live video from the cockpit.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.