Is It Really Possible To Hack An Airplane?
April 19, 2013
The tragic events of September 11, 2001 forever changed the way the US and, consequently, the rest of the world came to view airline travel and security. While things have calmed down greatly in the airline industry since the attacks over a decade ago, new technological discoveries have many people incredibly nervous about airline travel for the first time since.
Enter Hugo Teso at Hack in the Box
Hugo Teso is a man of many talents, including his skills as a cyber security researcher at n.runs AG in Germany and the fact that he’s a trained commercial pilot. Last Wednesday (April 10), Teso dropped some pretty heavy discoveries on the audience at Hack in the Box in Amsterdam. He had created an exploit framework (called SIMON) and an Android App (called PlaneSploit) that could be used to theoretically hack an airplane.
Teso had conducted his research on aircraft hardware and software that he acquired from various retailers, such as eBay. He used flight simulation software to highlight his ability to hack into an airplane. With this malware, Teso showed that he would be able to gain information from an onboard computer, change the intended destination of the plane, flash the interior lights and deliver spoofed messages that altered the plane’s behavior. This attack could even cause the plane to crash if pilots are unable to override autopilot functions or are unable to handle the plane manually, a terrifying fact in itself that some pilots may not be able to perform these functions.
According to Help Net Security’s Zeljka Zorz and Berislov Kucan, Hugo Teso helped to “shed light on the sorry state of aviation computer systems and communication protocols.” They go on to call the aviation systems “massively insecure [technologies].” At Hack in the Box, Teso used the publicly available Flightradar24, a flight tracker, along with his PlaneSploit app. He showed how the app enables users to tap any plane within range, and execute any of the following functions:
- Please Go Here: Users can change the course of the plane by tapping the desired destination point on the map.
- Define Area: User can pre-set commands for a plane to be executed when the plane reaches “x” miles of chosen area.
- Visit Ground: Crashes the plane.
- Kiss Off: Removes plane from the system.
- Be Puckish: Flashes lights and sounds alarm on the plane intended to alert pilots of something going wrong.
Thankfully for airline passengers and other citizens of the world, Teso’s reasons for the research were benevolent, as he clearly values the safety of the general public over fame or notoriety. He has refrained from sharing any details that would enable others to hack airplanes, given that the vulnerabilities have yet to be fixed. Despite his media attention, Teso stated that he is pleasantly surprised with the receptivity of the airline industry, from which several companies have vowed to help him continue his research as he collaborates with them to patch these vulnerabilities.
The FAA and EASA Responses
While many have already come to their own conclusions about Teso’s findings, the Federal Aviation Administration (FAA) and European Aviation Safety Agency (EASA) have released similar statements on their beliefs about the possibility of hacking airplanes. The FAA has released a statement directly referring to Teso’s work, claiming that the vulnerabilities that he discovered are irrelevant. According to their statement, PlaneSploit and SIMON are not a threat because “[They] do not work on certified flight hardware… Therefore a hacker cannot obtain ‘full control over an aircraft’ as the technology consultant [Teso] has claimed.”
The EASA essentially concurred with the FAA, stating that the certifiable embedded software has security that is not present on the flight simulation software, therefore rendering Teso’s test useless. Airplane equipment manufacturers Honeywell and Rockwell Collins have also jumped on board in denying Teso’s findings. They claim that the flight simulation software that Teso used is “not analogous to certified aircraft and systems…” and therefore his findings should be dismissed.
This is an odd inconsistency, as Teso claimed when he spoke after Hack in the Box that the industry was receptive to his ideas and willing to work with him. Perhaps the FAA changed their mind after doing more research, or after headlines started circulating? Or maybe Teso was exaggerating the reaction of the industry to support his findings? Either way, it is quickly turning into a “he-said she-said” scenario in the PR world.
“Put Up or Shut Up”
According to findings from VentureBeat, Hack in the Box wasn’t the first mention of hacking airplanes; in fact researcher/hacker Brad “Renderman” Haines knew that this was a possibility at least a year ago. As for the FAA’s recent comments towards Teso’s presentation, Renderman had this to say to VentureBeat:
“Really, it’s put up or shut up. If they say it’s secure, there should be no harm in publicly giving access to a test lab. … Now, you don’t have to be a nation state in order to tinker with this stuff. You can be some bored guy on a couch.”
At this point, from an outsider’s perspective, it’s pretty difficult to determine the validity of Teso’s claim to be able to hack airplanes, but it’s certainly a controversial idea that has attracted a lot of attention. However, Renderman makes a good point, if we’re so confident in our technology, what’s the harm in testing it in a controlled environment? Although it could further expose the vulnerability of air travel if Teso is correct, it would also lead towards the resolution of the issue. We’ll just have to wait and find out as this story continues to develop!