| ||Thread Tools|
|11th April 2013, 11:15||#1|
Join Date: May 2010
Hijack your plane with an Android phone
Anyone who thought that airport security would allow smartphone use on a plane in the future might be a little worried to know that it is possible to hijack a plane with one.
Hugo Teso, a security consultant at n.runs in Germany, told the Hack In The Box Conference in Amsterdam that it was completely realistic to hijack a plane using Android.
Teso, who has been working in IT for the last eleven years and has been a trained commercial pilot said that the security of aviation computer systems and communication protocols was pants.
According to Security, Teso built an exploit framework dubbed SIMON and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management System. He demonstrated how it was possible to take complete control of an aircraft.
He proved his point by making virtual planes "dance to his tune".
His hack targeted the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft through an on-board transmitter to air traffic controllers. This allows aircraft equipped with the technology to receive flight, traffic and weather information about other planes nearby.
The other hack was of the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between the plane and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase.
He said that both technologies were massively insecure and are susceptible to a number of passive and active attacks.
In the attack, Teso misused the ADS-B to select targets, and the ACARS to gather information about the onboard computer as well as to exploit its vulnerabilities by delivering spoofed malicious messages that affect the "behaviour" of the plane.
Teso has developed the SIMON framework that is deliberately made only to work in a virtual environment and currently cannot be used on real-life aircraft.
He said it is nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Unannounced Motorola Android phone surfaces, isn't the fabled 'X phone'||Stefan Mileschin||WebNews||0||13th March 2013 09:09|
|Hands-on with HiSense's first quad-core Android phone, the U958||Stefan Mileschin||WebNews||0||9th January 2013 12:26|
|ZTE quad-core Android phone for about $160||Stefan Mileschin||WebNews||0||6th November 2012 08:09|
|Motorola RAZR i: hands-on with the 2GHz Android phone||Stefan Mileschin||WebNews||0||19th September 2012 08:05|
|Verizon gets an excellent smaller-sized Android phone||Stefan Mileschin||WebNews||0||9th July 2012 14:52|
|HBO Go and Max Go get Android 4.0 phone support||Stefan Mileschin||WebNews||0||7th May 2012 08:39|
|Windows Phone 7 beats iPhone 4 and Android ... in a grilling contest||jmke||WebNews||1||14th November 2010 09:32|
|Samsung Epic 4G Review: The Fastest Android Phone||jmke||WebNews||1||7th September 2010 14:53|
|Overclock Your (Android) Phone||jmke||WebNews||0||21st May 2010 23:10|
|Google and 34 Phone Industry Giants Launch Android OS||jmke||WebNews||0||5th November 2007 21:31|