Airplane Takeover Demonstrated Via Android AppSoftware hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
The avionics systems used in some commercial aircraft are vulnerable to being fed bogus data, which would allow an attacker to take control of navigation systems, relay fake information to pilots' displays and adjust other systems, such as deploying oxygen masks for passengers.
That warning was delivered by Hugo Teso, a researcher at security consultancy N.Runs in Germany who's also a commercial airline pilot, at this week's Hack In The Box conference in Amsterdam.
Using an Android application he developed, dubbed PlaneSploit, Teso employed a Samsung Galaxy smartphone to demonstrate how he could adjust the heading, altitude and speed of a virtual airplane by sending it false navigation data. "You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."
[ Do you really need an app to find your way around a shopping mall? Read Indoor Location Tracking Has Lost Common Sense. ]
But Teso added that even if a plane did receive and act on spoofed navigation data, a pilot would be able to override the automated controls and take direct control of the aircraft.
According to Teso's Hack In The Box presentation, his research goal has been to successfully exploit an aircraft's flight management system (FMS), which is the computer-human interface in a plane that used for navigation, flight planning, performance computations and related activities. So for the past three years, he's been auditing code and testing for FMS vulnerabilities using hardware and software from Honeywell, Rockwell Collins and Thales, procured largely via eBay.
The vulnerabilities he exploited in his presentation relate to ACARS (Aircraft Communications Addressing and Reporting System), which is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite, he said in a blog post previewing his presentation. Notably, ACARS messages aren't authenticated, and thus could be spoofed. "ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," Teso said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."
Teso hasn't publicly detailed the precise vulnerabilities he used to craft his attack code, which he dubbed SIMON, but said he's disclosed the flaws to the Federal Aviation Administration and the European Aviation Safety Administration (EASA), as well as to businesses in the aerospace industry that may be affected.
Honeywell spokesman Scott Sayres said that his company is already working with N.Runs to review Teso's research, but downplayed the real-world implications. "If we talk very generically -- not just about Honeywell software -- PC FMS software is normally available as an online pilot training aid," Sayres said via phone. "In other words, what Teso did was hack a PC-based training version of FMS that's used to simulate the flight environment, not the actual certified flight software installed on an aircraft."
EASA said that it's been in contact with Teso, but likewise emphasized that training software isn't the same as certified flight software. "This presentation was based on a PC training simulator and did not reveal potential vulnerabilities on actual flying systems," said spokesman Jeremie Teahan via email. "There are major differences between PC-based training FMS software and embedded FMS software. In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software."
"For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software," he said.
An FAA official said the agency plans to release a related statement later today.
A well-defended perimeter is only half the battle in securing the government's IT environments. Agencies must also protect their most valuable data. Also in the new, all-digital Secure The Data Center issue of InformationWeek Government: The White House's gun control efforts are at risk of failure because the Bureau of Alcohol, Tobacco, Firearms and Explosives' outdated Firearms Tracing System is in need of an upgrade. (Free registration required.)