Hijack your plane with an Android phone

Stefan Mileschin · 11th April 2013, 10:15

Anyone who thought that airport security would allow smartphone use on a plane in the future might be a little worried to know that it is possible to hijack a plane with one.

Hugo Teso, a security consultant at n.runs in Germany, told the Hack In The Box Conference in Amsterdam that it was completely realistic to hijack a plane using Android.

Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot said that the security of aviation computer systems and communication protocols was pants.

According to Security, Teso built an exploit framework dubbed SIMON and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management System. He demonstrated how it was possible to take complete control of an aircraft.
He proved his point by making virtual planes "dance to his tune".

His hack targeted the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft through an on-board transmitter to air traffic controllers. This allows aircraft equipped with the technology to receive flight, traffic and weather information about other planes nearby.

The other hack was of the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between the plane and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase.

He said that both technologies were massively insecure and are susceptible to a number of passive and active attacks.

In the attack, Teso misused the ADS-B to select targets, and the ACARS to gather information about the onboard computer as well as to exploit its vulnerabilities by delivering spoofed malicious messages that affect the "behaviour" of the plane.

Teso has developed the SIMON framework that is deliberately made only to work in a virtual environment and currently cannot be used on real-life aircraft.

He said it is nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit.

http://news.techeye.net/security/hij...-android-phone

11th April 2013, 10:15	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,500	Hijack your plane with an Android phone Anyone who thought that airport security would allow smartphone use on a plane in the future might be a little worried to know that it is possible to hijack a plane with one. Hugo Teso, a security consultant at n.runs in Germany, told the Hack In The Box Conference in Amsterdam that it was completely realistic to hijack a plane using Android. Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot said that the security of aviation computer systems and communication protocols was pants. According to Security, Teso built an exploit framework dubbed SIMON and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management System. He demonstrated how it was possible to take complete control of an aircraft. He proved his point by making virtual planes "dance to his tune". His hack targeted the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft through an on-board transmitter to air traffic controllers. This allows aircraft equipped with the technology to receive flight, traffic and weather information about other planes nearby. The other hack was of the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between the plane and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase. He said that both technologies were massively insecure and are susceptible to a number of passive and active attacks. In the attack, Teso misused the ADS-B to select targets, and the ACARS to gather information about the onboard computer as well as to exploit its vulnerabilities by delivering spoofed malicious messages that affect the "behaviour" of the plane. Teso has developed the SIMON framework that is deliberately made only to work in a virtual environment and currently cannot be used on real-life aircraft. He said it is nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit. http://news.techeye.net/security/hij...-android-phone

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Unannounced Motorola Android phone surfaces, isn't the fabled 'X phone'	Stefan Mileschin	WebNews	0	13th March 2013 08:09
Hands-on with HiSense's first quad-core Android phone, the U958	Stefan Mileschin	WebNews	0	9th January 2013 11:26
ZTE quad-core Android phone for about $160	Stefan Mileschin	WebNews	0	6th November 2012 07:09
Motorola RAZR i: hands-on with the 2GHz Android phone	Stefan Mileschin	WebNews	0	19th September 2012 07:05
Verizon gets an excellent smaller-sized Android phone	Stefan Mileschin	WebNews	0	9th July 2012 13:52
HBO Go and Max Go get Android 4.0 phone support	Stefan Mileschin	WebNews	0	7th May 2012 07:39
Windows Phone 7 beats iPhone 4 and Android ... in a grilling contest	jmke	WebNews	1	14th November 2010 08:32
Samsung Epic 4G Review: The Fastest Android Phone	jmke	WebNews	1	7th September 2010 13:53
Overclock Your (Android) Phone	jmke	WebNews	0	21st May 2010 22:10
Google and 34 Phone Industry Giants Launch Android OS	jmke	WebNews	0	5th November 2007 20:31