Hijacking airplanes? There’s an Android app for that!

by: Chris SmithApril 10, 2013

Image Credit: Lifehacker

With air-related travel security at an all-time high, a security expert and pilot reveals that airplanes can be hijacked with help of an Android phone and additional software that can take advantage of the dated airplane computer systems.

Talking at the Hack In The Box Conference in Amsterdam, the Netherlands, Hugo Teso – an IT security expert and trained commercial pilot, with extensive experience in both fields – has revealed that current airplanes are susceptible to malicious attacks that could let hackers take “complete control” of aircrafts with help of a mobile device.

Teso used his knowledge about aviation computer systems and communication protocols security to develop software that would install itself on the on-board computer (SIMON) as well as a simple Android app that would then let a hacker control various aspects of the plane (PlaneSploit).

The two airplane security technologies Teso took advantage of are the Automatic Dependent Surveillance-Broadcast (ADS-B) and the Aircraft Communication Addressing and Reporting System (ACARS). Both of them are apparently “highly susceptible” to “a number of passive and active attacks.” Here’s what each of them is responsible for according to Net Security:

One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently in the air in their vicinity.

The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.

SIMON is a framework that works only in a virtual environment created with help of software and hardware products for this purpose by Teso to simulate real life scenarios. Once deployed, it’s apparently untraceable, and allows the hacker to upload other software to the “Flight Management System [FMS] (computer unit + control display unit)” on a plane and then further control the aircraft remotely with help of the Android app.

Android Security

PlaneSploit apparently features a “clean and simple interface, but is packed full with features.” Here’s what the app can do once SIMON is installed on the FMS:

  • Please go here: A way of interacting with the plane where the user can dynamically tap locations on the map and change the plane’s course.
  • Define area: Set detailed filters related to the airplane, for example activate something when a plane is in the area of X kilometers or when it starts flying on a predefined altitude.
  • Visit ground: Crash the airplane.
  • Kiss off: Remove itself from the system.
  • Be punckish: A theatric way of alerting the pilots that something is seriously wrong – lights start flashing and alarms start buzzing.

This apparently simple airplane hijacking method – at least for those people that are familiarized with the way airplane computers work – only works when the auto-pilot is on. Pilots would be able to disengage the auto-pilot and fly the plane using analog instruments, in case the aircraft has them and, naturally, in case tampering with the FMS is suspected.

As for airplane industry, it would appear that it’s aware of these security issues. Teso informed companies of his security research thus far, and it looks like they will work with him in the future, probably to patch vulnerabilities. The newer the airplanes, the easier for their software to be updated, but some systems dating back to the 1970s could be almost impossible to fix.

With all that in mind, we can only appreciate the way modern mobile technology has been used to discover and address such security issues related to an industry where security is of utmost importance.

Thanks, Zeljka!

  • districtjack

    In this day and age I believe no aircraft will be successfully hijacked. The passengers would attack the hijackers immediately because they know what will happen if they don’t.
    Airport security is currently a paranoid waste of money. It is frustrating to go through airport security nowadays. While I believe metal detectors and carry on luggage screenings are necessary, I don’t believe pat-Downs on children are necessary.

    As for electronic attacks, the pilot would simply disengage the auto pilot and control the aircraft. It’s never been safer to fly and the only thing frightening about air travel is having to go into an airport and face security screening.

  • An Airline Mechanic

    I call BULLSHIT.

    Why is it that ACARS and ADS-B (ATC reporting) is deferrable per the MEL (Minimum Equipment List) of practically EVERY AIRLINE IN THE WORLD if it’s SOOOO important of a system and could cause an airplane to crash? BECAUSE IT’S NOT!

    First of all, ACARS is a communications device that is primarily used to communicate aircraft performance and times to that airline’s headquarters. It DOES NOT send signals to ANY part of the aircraft (ie. engines or flight controls). PLUS… there are still plenty of airlines that don’t even have ACARS installed on their airplanes. (Yes, that includes some airlines with commercial jets.) So hacking ACARS can be remedied by a simple protocol of calling HQ via VHF, HF or SAT PHONE (if installed) when there is a questionable communication received.

    ATC reporting and TCAS (Traffic Collision Avoidance System) are ALSO DEFERRABLE when inoperative. AGAIN… questionable items regarding those systems can again be remedied by simply putting in a simple protocol that would instruct the Captain to call HQ for instructions or divert to the next closest airport.

    NONE of these ‘hackable’ systems have anything to do with direct control of an aircraft’s flight controls or engine systems. Even though newer airplanes are ‘fly-by-wire’… they are hard wired to FCC (Flight Control Computers) and EEC’s (Electronic Engine Controls) or FADEC (Full Authority Digital Engine Controls)… which cannot be hacked in wirelessly.

    For your information… I am a Airframe & Powerplant Licensed Line Maintenance Mechanic working for a major airline in the United States and have been for over 20 years. I have worked (and still do on most) Boeing 727, 737, 747, 757, 767, 777, Airbus A300, A319, A320, Douglas DC-8, DC-9, DC-10 & Lockheed L1011’s.

    Please do not add to the media sensationalization of BS by reporting about crap just to scare the public and increase your site’s visit count.

  • OOV

    i agree with you also, when i saw the news i almost cry in laugh with
    this article, april fools is long gone. Hacking any thing in the
    mainframe of the airplane, will required a computer with some power of
    processing (not a smartphone of this decade), an engineer that works
    with airframes and structures of the airplane(and being precise the
    model of the aeroplane, since they are not the same) and a great
    knowledge of telecoms to do a successful hacking, even if the aeroplane
    doesn’t have security measures, with they have. So this is actually a bullshit of some movie,
    please do not publish things that doesn’t work in real life. I’m a
    Operations Flight Officer with a PHD in Engineering Electronics,
    Telecoms and Computers. BTW where’s the source?