Next airplane hijackers might just be carrying Android phones
We knew that the Android platform is versatile, but this here security research takes the cake. At the Hack In The Box Conference in Amsterdam, an IT security expert and licensed commercial pilot, demonstrated how "complete control” over an airplane can be achieved with just your Android device.
The cherry on the top is that you can even use the phone's accelerometer to physically change the plane's course by just tilting your handset in different directions, as if you are playing an Android game.
Hugo Teso hacked the Automatic Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communication Addressing and Reporting System (ACARS) in a virtual environment, and it apparently wasn't hard to do, as those turned out pretty prone to malicious attacks. He then even developed an app called PlaneSploit that takes over the flight management system (FMS), and can give it directions to change course and the like.
The exploit only works when the plane is on autopilot, and the people in the cockpit can still take manual control over the gear if they know the flight computer has been hacked, but nevertheless Mr Teso warned the air carriers of the threat, as once he installs his virtual environment called SIMON on the plane, it seems to be untraceable.
As for the PlaneSploit Android app, its interface apparently allows all sorts of shenanigans with the plane, once the app has lodged itself in the FMS, and you can use it with the following commands:
- Please go here: A way of interacting with the plane where the user can dynamically tap locations on the map and change the plane’s course.
- Define area: Set detailed filters related to the airplane, for example activate something when a plane is in the area of X kilometers or when it starts flying on a predefined altitude.
- Visit ground: Crash the airplane.
- Kiss off: Remove itself from the system.
- Be punckish: A theatric way of alerting the pilots that something is seriously wrong – lights start flashing and alarms start buzzing.
via Net-security
Things that are NOT allowed: