Hijack a plane? - There is an app for that

Hugo Teso a security consultant with nRuns GmbH in Germany showed that it is possible to hijack an airplane without even being on board, potentially crashing the aircraft. All you need is your Android, a radio transmitter, and some basic flight software which can readily be purchased on eBay.

During his lecture he uses ADS-B and ACARS protocols to plot and analyze the potential targets, and then attacks on-board systems, complex enough to be vulnerable to (almost) common vulnerability research and exploitation techniques. Different post-exploitation vectors will finally be considered in order to gain better aircraft control.

He demonstrates his 3 year research findings at the Hack in the Box conference in Amsterdam.

Teso went on to show that he could exploit ACARS (Aircraft Communications Addressing and Reporting System) security vulnerabilities, along with ADS-B (Automatic Dependent Surveillance-Broadcast) which is what is used to track aircraft in real-time. He found that most of this sensitive technology was unencrypted and unauthenticated.

Net Security reported that based on his own research, Teso developed the SIMON framework that is deliberately made only to work in a virtual environment and cannot be used on real-life aircraft.

Since it's nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit. By using SIMON, the attacker can upload a specific payload to the remote FSM, upload flight plans, detailed commands or even custom plugins that could be developed for the framework.

During the lecture Teso used a Samsung Galaxy smartphone to show first hand how he could hack into the flight systems on several virtual planes.

The slideshow that was part of his presentation if you are interested can be found at this link.