Hacker Demonstrates Android Aircraft Hijacking App

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0


A presentation at the Hack In The Box security conference in Amsterdam demonstrated just how easy it is to hijack an airplane with an Android.

First things first: "Easy" is a relative term, and people aren't about to start swatting airliners out of the sky with a 99 cent app. But with the growing reliance on computers and wireless connectivity in just about everything, Hugo Teso's presentation at the recent Hack in the Box conference may well be cause for, if not alarm, then at least some concern.

The details will be prohibitively arcane for anyone not familiar with aircraft systems, but the "Baby's First Avionics" version is that some rather important surface-to-air communications channels are completely insecure, and people with the right kind of knowledge and equipment can read and send messages along those systems.

Teso searched for exploitable vulnerabilities in real aircraft code but opted to use virtual planes in a lab setting to demonstrate his technique, since hijacking real planes in flight is "too dangerous and unethical." He used ACARS [Aircraft Communications Addressing and Reporting System] to break into the craft's onboard computer and upload Flight Management System data; he was then able to steer the craft while it was in autopilot mode.

Pilots can counteract that attack by switching off autopilot, but the greater problem is that many planes no longer have analog flight instruments and are thus susceptible to other kinds of manipulation. Teso said he could control most aircraft systems, put planes on collision courses and even give passengers a fun and exciting surprise by forcing the oxygen masks to drop.

Again, for emphasis: People aren't about to start using their HTCs to turn Dreamliners into RC toys. But Teso made it clear that current systems aren't exactly safe, either, and it will be a long time before that situation improves: The successor to ACARS, which will be encrypted, will take 20 years to be fully deployed.

Hugo Teso's "Aircraft Hacking: Practical Aero Series" slideshow presentation can be seen in full at Hack In The Box [http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Hugo%20Teso%20-%20Aircraft%20Hacking%20-%20Practical%20Aero%20Series.pdf].

Source: Computerworld [http://blogs.computerworld.com/cybercrime-and-hacking/22036/hacker-uses-android-remotely-attack-and-hijack-airplane]


 

Zombie_Moogle

New member
Dec 25, 2008
666
0
0
Well, drones just became a lot less intimidating. Delightful :p

(although this isn't the first time that came to light)
 

thenumberthirteen

Unlucky for some
Dec 19, 2007
4,794
0
0
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.
 

Smooth Operator

New member
Oct 5, 2010
8,162
0
0
Let me guess someone had the brilliant idea of running public communications through the same computer as everything else?
Fan fucking tastic, and the really scary part is this sort of horrific oversight happens everywhere.
 

Old Father Eternity

New member
Aug 6, 2010
481
0
0
The only reasonable answer is to strive towards a social state where such acts are obsolete, alas, if I know anything about humans then the most likely course of action would be one pointed out by thenumberthirteen, in which case I choose slow crawl on either land or sea.
 

null_pointer

New member
Mar 14, 2013
16
0
0
This is solid... I'm sure someone particularly lulzy will have an apk out soon.

Also, because it must be said:

"Hijacking a Plane? There's an app for that"
 

Quaxar

New member
Sep 21, 2009
3,949
0
0
Well, unencrypted air communication is only a slight step away from putting the self-destruct password as "password" or "12345".

And now I wonder if I could use that method to do my own instrument check back in economy class. Just looking at fuel temperature, not doing loopings...
 

Longstreet

New member
Jun 16, 2012
705
0
0
thenumberthirteen said:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.
Now, thanks to my high-end sarcasm detector I can see through this, but please be careful.
If a TSA employee looking for a promotion sees that, he might actually suggest it to his bosses, and they will do it.


On a serious note, can't decide if it is a good thing that we know this or not. On one hand, yay we know, let's fix it; on the other side, people who actually know this now can exploit it.


Now if you will excuse me, I need to freshen up my android and airplane software skills.
 

Jadak

New member
Nov 4, 2008
2,136
0
0
thenumberthirteen said:
That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.
And then what? Have their phones, tablets, and probably any other electronic device have to be mailed to them at a later date?

Right.. That's going to happen. Of course, the first time a plane is actually taken down the story might change...
 

Kross

World Breaker
Sep 27, 2004
854
0
0
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)
 

Slash2x

New member
Dec 7, 2009
503
0
0
Longstreet said:
thenumberthirteen said:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.
Now, thanks to my high-end sarcasm detector I can see through this, but please be careful.
If a TSA employee looking for a promotion sees that, he might actually suggest it to his bosses, and they will do it.


On a serious note, can't decide if it is a good thing that we know this or not. On one hand, yay we know, let's fix it; on the other side, people who actually know this now can exploit it.


Now if you will excuse me, I need to freshen up my android and airplane software skills.
Yep they are JUST going to read the headline. Then like the government of (insert country here) that has NO idea how ANY tech works there will be a ban on all electronics on any plane. FAA at minimum will do this if not everyone else too. Just a matter of time.
 

Therumancer

Citation Needed
Nov 28, 2007
9,909
0
0
It's like this, nothing is ever going to be entirely safe. It's easy to sit here and talk about the obvious oversights, but understand overcomplicating things and adding too much security can actually cause just as much, or more, damage than a lack of security if you see accidents due to lack of response time, or counter-intuitive controls.

When it comes to airline security, and concerns about terrorism, there is never going to be a "perfect" system to protect the communications since even encryption can be broken, and really that's never going to be the primary threat since it will always take a very specific and uncommon skill set. The primary threat is always going to primarily come from people with bombs, or the more pressing concern of people finding ways to bust the hull and windows. Airplanes are durable, but the need for ultra-light alloys and such means that they will always be among the more fragile constructions. One thing I was reading a while ago was how close the whole "glass shattering ring" James Bond used in "Die Another Day" was and how you can break almost anything with the right sonic vibrations and such, and while we can't make a device quite that small, you can for example send cracks through a steel plate, shake a cinderblock to virtual dust, or break glass, with fairly small devices about the size of a pack of cigarettes. This means in theory someone wanting to wreck a plane (or take control of it) could stick a device roughly the size of an android to a window, or even just the side of the passenger compartment, and probably kill everyone inside if he set it off (and could take control by threatening to set it off). No need for traditional explosives or anything else.... please note what I am describing here is within the realm of possibility but IS entirely hypothetical. Such a device might take skill to construct, but wouldn't require any particular knowledge of encryption, plane communications, or avionics, to make use of.

In short, we're pretty damn vulnerable, especially when it comes to hypothetical attacks that are within the realm of possibility, whether it's hacking a plane's control codes, or cracking the hull/windows with sonic vibrations.

One of the reasons why I'm such a bastard when it comes to social issues is that I feel the best avenue towards security is to control the human factor to begin with, rather than being permissive and simply trying to control behavior (and enduring the battles that entails when people get pissy being told what to do on planes and such). I believe certain types of people should not be allowed on planes at all, and that will vary with current politics, and social trends. Basically if the US has tensions with a specific nation, culture, or whatever, people of that type should not be allowed to board planes for the duration of the crisis. Especially if we have troops in someone's back yard (so to speak). It's not nice, or politically correct, but as I've said many times, I find it stupid to harass everyone and anyone to make a symbolic point when we're concerned about threats from a very specific group of people. Sure, at the end of the day anyone could be a terrorist/hijacker/whatever but I believe you can adjust the odds greatly with a bit of profiling, without having to get concerned over "OMG it will take 20 years to set up encryption" or freaking out because some kid wants to play a game boy, or some dude wants to read a kindle. This is however not a popular point of view.
 

Albino Boo

New member
Jun 14, 2010
4,667
0
0
Kross said:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)
This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.
 

1337mokro

New member
Dec 24, 2008
1,503
0
0
albino boo said:
Kross said:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)
This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.
This guy used a ground to air communication channel to upload the program. Sure he did it on a computer RUNNING the Flight control program but that is pretty much saying that the computer has to have wings and fly before it is a valid test. The computer on the plane is just that a computer with wings running that same program.

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.
 

Evil Smurf

Admin of Catoholics Anonymous
Nov 11, 2011
11,597
0
0
Kross said:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)
Because you do that right?
 

Atmos Duality

New member
Mar 3, 2010
8,473
0
0
1337mokro said:
In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.
Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.
 

1337mokro

New member
Dec 24, 2008
1,503
0
0
Atmos Duality said:
1337mokro said:
In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.
Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.
Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.
 

Your Gaffer

New member
Oct 10, 2012
179
0
0
Zombie_Moogle said:
Well, drones just became a lot less intimidating. Delightful :p

(although this isn't the first time that came to light)
Actually drones, specifically military drones, are already using encrypted control communications, so they are safe from this type of thing, as of now at least. Some of them were using unencrypted video streams, so their targets and others could see what the drone sees.
This is for real life commercial airplanes.
 

Your Gaffer

New member
Oct 10, 2012
179
0
0
1337mokro said:
Atmos Duality said:
1337mokro said:
In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.
Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.
Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.
You also have to trust the pilot will be skilled enough to realize what is happening and be able to take control successfully, which in light of what happened to that Air France flight that went down in the Atlantic ocean a few years ago is no sure thing.