Want to hack a plane? Well, there's an app for that.
PlaneSploit is the work of Hugo Teso, a security researcher and commercial pilot, who claims his app allows users to control a plane from the ground. Using an Android phone (sorry iPhone, Blackberry and Window Phones users), a radio transmitter, flight management software and a little bit of hacking know-how, Teso demonstrated how he changed the flight path of a plane to a crowd on Wednesday during this year's Hack In The Box conference in Amsterdam.
The process is a bit technical (which you can read here) but the gist of Teso's presentation is that his methods can mess with the data sent to commercial planes because they lack the security to tell whether data is coming from the right source. By interfering with the data, Teso says he could then send radio signals which could change a pilot's display or change the plane's speed, direction or altitude.
“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Andy Greenberg of Forbes, adding, “that includes a lot of nasty things.”
There are limitations with Teso's hacking system though. For one, Engagdget calls PlaneSploit "proof-of-concept software", which means it works but only in a closed, virtual environment — a demo if you will — which means it won't be available for download off of Google's app store.
Secondly, as Gawker points out, the app attacks a plane's autopilot system, and while it can do terrifying things like drop passengers' oxygen masks without warning, pilots could render the hack useless by turning off the plane's autopilot.
According to Computer World, Teso used codes from real-world aircrafts to start the hijacking sequence but used virtual planes in a lab to simulate his actual hijacking capabilities. He says hijacking a real plane would be “too dangerous and unethical.”
Teso's demo has attracted the attention of several companies that work on the navigation systems of planes, like Honeywell, Thales and Rockwell Collins. So far, it's Honeywell that says they've reached out to Teso's employer, N.Runs, a German IT consultancy firm to talk about Teso's work, notes NBC.
“We take this seriously and we’re going to work with N.Runs to assess this,” says Scott Sayres, a rep from Honeywell, adding that Teso readily admits the version he used of our flight management system is a publicly available PC simulation, and that doesn’t have the same protections against overwriting or corrupting as our certified flight software.”
Teso is also working with the Federal Aviation Administration and the European Aviation Safety Administration, the governing bodies who regulate flight safety procedures in the States and Europe, reports the Guardian. It's said that both agencies are working on a fix for the issue.