Hacker Demonstrates Android Aircraft Hijacking App

[Albino Boo]

You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.

This guy used a ground to air communication channel to upload the program. Sure he did it on a computer RUNNING the Flight control program but that is pretty much saying that the computer has to have wings and fly before it is a valid test. The computer on the plane is just that a computer with wings running that same program.

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

He hacked a different program to the one that is used in real life. The simulator is not written to the SIL 3 level which required by law before an aircraft can fly. More specifically the on the on board system uses a Kalman filter to eliminate erroneous results. I know because I did spend 10 years of my life dealing with safety critical software in aircraft. The simulator is written to be a training aid, its does not matter if it crashes or can be spoofed so the programming is less rigours and cheaper than the real thing.

 

[Albino Boo]

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.

Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.

You also have to trust the pilot will be skilled enough to realize what is happening and be able to take control successfully, which in light of what happened to that air France flight that went down in the Atlantic ocean a few years ago is no sure thing.

Different issue that was frozen pitot heads, the pilot turned off the autothrust system leading the aircraft to stall. If they had left the autothrust system on the plane would have never of stalled.

 

[TacticalAssassin1]

The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

You must be joking. Nobody is going to buy a second iPod just to use it on a flight, and even if they did they could still install hacking software on it after purchase. Besides, everybody takes mobile phones everywhere these days, you can't just leave that stuff behind. The most they could ever do is force all the phones into a big phone storage box and take all the batteries out, and they won't do that unless planes start falling from the skies.

 

[Techno Squidgy]

The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

Yeah that's not exactly a reasonable answer. The reasonable one is to use some serious encryption on all the systems of the aircraft and air-ground communication but that'll take some time to get in motion. It's not like you can just roll out a software update on a fleet of aeroplanes.

 

[Andrew_C]

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

And then what? Have their phones, tablets, and probably any other electronic device have to be mailed to them to at a later date?

Right.. That's going to happen. Of course, the first time a plane is actually taken down the story might change...

Don't be ridiculous, mail those insanely dangerous devices? Obviously they must be thrown in a bin to be destroyed along with the toothpaste, shampoo and toothpicks!

You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

Because you do that right?

Easier than using a strong signal to override the VHF navigation beacons, which is how the old South African Apartheid Government allegedly assassinated Samora Machel [https://en.wikipedia.org/wiki/1986_Mozambican_Tupolev_Tu-134_crash].

Well, drones just became a lot less intimidating. Delightful

(although this isn't the first time that came to light)

Actually drones, specifically military drones, are already using encrypted control communications, so they are safe from this type of thing, as of now at least. Some of them were using unencrypted video streams, so their targets and others could see what the drone sees.
This is for real life commercial airplanes.

Except the US government still use such weak encryption that the Iranians managed to hijack and crash-land one of the American drones, and more recently American researchers repeated it.

https://en.wikipedia.org/wiki/Iran?U.S._RQ-170_incident
http://www.popsci.com/technology/article/2012-06/researchers-hack-government-drone-1000-parts

EDIT: Edited next 2 posts into this, for compactness and clarity

 

[Andrew_C]

EDIT: see my post above.

 

[stabnex]

This article (released from the original source, of course. <3 Escapist) is an inadvertent evil. The technology may not have been released, but the IDEA has now. And the worst thing that can happen just from bragging about this kind of a breakthrough is now someone with ill intent will develop it in their own cave, with their goats, and actually use it against innocent people.

Ideas are powerful.