Jump to content

Open Club  ·  79 members  ·  Free

C James Fan Club

Can Planes can be hacked remotely with Android app?


Recommended Posts

Posted

lol, yeah right u can pick one up on google play ...

 

 

 

Here’s a few important facts: Automated Dependent Surveillance-Broadcast (ADS-B) has no security as was pointed out at Def Con 20 shortly before a hacker was able to inject ghost planes into radar. It is unencrypted and unauthenticated. Teso said, “Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection.” The Aircraft Communications Addressing and Reporting System (ACARS) also has no security; it “is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite.” Although his talk did not focus on the vulnerabilities in those two protocols, he used them to find targets.

Anyone with the right tools and a little know-how can read and send these ACARS messages. Teso purchased hardware from eBay that provided “actual flight code software” for “training” such as Flight Management System made by Rockwell. He also needed a radio transmitter and explainedabout software radio systems before the talk. He audited real aircraft code, searching for vulnerabilities to exploit, but used a lab with virtual airplanes as opposed to hijacking an actual jet in flight. Hijacking a real plane during a flight was “too dangerous and unethical.”

Help Net Security was present at the demo and explained:


By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes "dance to his tune."

According to Teso’s presentation slides [pdf], the ACARS datalink allowed for “real-time data transmission” and all communications between planes and airports are sent unencrypted. Teso used ACARS to exploit and break into the airplane’s onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.

flight_management_system_exploited_via_a

 

×
×
  • Create New...