A talk given by a security consultant at the Hack In The Box conference in Amsterdam has been making waves for a couple days now, largely because it made bold claims: Hugo Teso, who's also a trained commercial pilot, said he'd developed a way to hijack airplanes (as in take over their flight controls) by attacking the plane's systems wirelessly using an Android app he developed.
The ability to take control of an aircraft via an Android app is obviously a scary possibility. And it's true that a lot of aircraft systems–like many industrial networks–aren't as secure as they should be. But a guy crashing a plane with his phone? I wouldn't worry about that.
Zeljka Zorz and Berislav Kucan at Net Security wrote an in-depth explanation of Teso's demonstration and claims, which is worth the read if you haven't heard about the nuts and bolts yet. For everyone else, the notable point is that Teso set up a framework to gain access to two aircraft systems that broadcast wirelessly: the Automatic Dependent Surveillance-Broadcast (ADS-B), which communicates flight, traffic, and weather data back and forth with air traffic controllers; and the Aircraft Communications Addressing and Reporting System (ACARS), which essentially sends standardized messages back and forth between pilots and the ground, in some cases automatically so that pilots don't have to spend their time sending in standard reports.
Now, it's true that both systems are insecure, and it does have some worrisome implications–for one, perhaps someone could spoof a plane via the ADS-B to warn pilots of a mid-air collision, which would likely cause some chaos on the flight deck. Regardless, that airline systems so susceptible to attacks is certainly is certainly something that needs to be fixed.
But the claim that a plane could be remotely controlled–which Teso did simulate in his talk, although the doom hype blame also lies with some media outlets–is pretty much false, for a number of reasons.
First, let's say that indeed Teso found a way to worm his way in from communications systems into taking over flight controls. As James Fallows notes for the Atlantic, even if a plane's autopilot was hijacked and sent the plane into a nosedive, pilots will always be able to take over manual controls. And if an attacker subtly recalibrated instruments and the autopilot to head a plane towards a mountain, jets cruise at 35,000 feet. Pilots will notice the plane has lost altitude before it ever gets near crashing into anything.
And even then, the claim that accessing an admittedly-unsecure pair of communications systems can then lead to accessing plane controls appears to be a leap beyond what's feasible. A couple security consultants I emailed both said the specific flight hijacking claim seemed fairly ridiculous, one of whom pointed me towards a Hacker News thread with folks saying the same thing. As user eduardordm wrote:
I used to make avionics for a living and I don't even understand what this man is talking about. (I don't think he does too) That seems to be just an ACARS sniffer.
ACARS and ADS-b has nothing do to with aircraft control systems. You don't need an android app to intercept satellite communication and even if you 'root' the ACARS computer, it is not connected to the systems that could control the airplane.
Also: to pass DO-254 at level A you must have physical switches for flight/computer functionality, that said, no software can engage autopilot or change AP behavior, you need physical switches to do that. They are NOT similar to keyboard buttons, those switches actually interfere at the hardware level.
Read the full story on Motherboard.