Hacker Demonstrates Android Aircraft Hijacking App

Hacker Demonstrates Android Aircraft Hijacking App

image

A presentation at the Hack In The Box security conference in Amsterdam demonstrated just how easy it is to hijack an airplane with an Android.

First things first: "Easy" is a relative term, and people aren't about to start swatting airliners out of the sky with a 99 cent app. But with the growing reliance on computers and wireless connectivity in just about everything, Hugo Teso's presentation at the recent Hack in the Box conference may well be cause for, if not alarm, then at least some concern.

The details will be prohibitively arcane for anyone not familiar with aircraft systems but the "Baby's First Avionics" version is that some rather important surface-to-air communications channels are completely insecure, and people with the right kind of knowledge and equipment can read and send messages along those systems.

Teso searched for exploitable vulnerabilities in real aircraft code but opted to use virtual planes in a lab setting to demonstrate his technique, since hijacking real planes in flight is "too dangerous and unethical." He used ACARS [Aircraft Communications Addressing and Reporting System] to break into the craft's onboard computer and upload Flight Management System data; he was then able to steer the craft while it was in autopilot mode.

Pilots can counteract that attack by switching off autopilot, but the greater problem is that many planes no longer have analog flight instruments and are thus susceptible to other kinds of manipulation. Teso said he could control most aircraft systems, put planes on collision courses and even give passengers a fun and exciting surprise by forcing the oxygen masks to drop.

Again, for emphasis: People aren't about to start using their HTCs to turn Dreamliners into RC toys. But Teso made it clear that current systems aren't exactly safe, either, and it will be a long time before that situation improves: The successor to ACARS, which will be encrypted, will take 20 years to be fully deployed.

Hugo Teso's "Aircraft Hacking: Practical Aero Series" slideshow presentation can be seen in full at Hack In The Box.

Source: Computerworld

Permalink

Well, drones just became a lot less intimidating. Delightful :P

(although this isn't the first time that came to light)

And I'll bet Alec Baldwin playing Angry Birds on the runway got more of a response than this demonstration will.

The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

Let me guess someone had the brilliant idea of running public communications through the same computer as everything else?
Fan fucking tastic, and the really scary part is this sort of horrific oversight happens everywhere.

The only reasonable answer is to strive towards a social state where such acts are obsolete, alas, if I know anything about humans then the most likely course of action would be one pointed out by thenumberthirteen, in which case I choose slow crawl on either land or sea.

This is solid... I'm sure someone particularly lulzy will have an apk out soon.

Also, because it must be said:

"Hijacking a Plane? There's an app for that"

Well, unencrypted air communication is only a sligh step away from putting the self-destruct passwort as "password" or "12345".

And now I wonder if I could use that method to do my own instrument check back in economy class. Just looking at fuel temperature, not doing loopings...

thenumberthirteen:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

Now, thanks to my high-end sarcasm detector i can see through this, but please be careful.
If an TSA employee looking for a promotion sees that he might actually suggest it to his bosses, and they will do it.

On a serious note, cant decide if it is a good thing that we know this or not. On one hand, yay we know lets fix it, on the other side, people who actually know this now can exploit it.

Now if you will excuse me, i need to freshen up my android and airplane software skills.

thenumberthirteen:

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

And then what? Have their phones, tablets, and probably any other electronic device have to be mailed to them to at a later date?

Right.. That's going to happen. Of course, the first time a plane is actually taken down the story might change...

You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

Longstreet:

thenumberthirteen:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

Now, thanks to my high-end sarcasm detector i can see through this, but please be careful.
If an TSA employee looking for a promotion sees that he might actually suggest it to his bosses, and they will do it.

On a serious note, cant decide if it is a good thing that we know this or not. On one hand, yay we know lets fix it, on the other side, people who actually know this now can exploit it.

Now if you will excuse me, i need to freshen up my android and airplane software skills.

Yep they are JUST going to read the headline. Then like the government of (insert country here) that has NO idea how ANY tech works there will be a ban on all electronics on any plane. FAA at minimum will do this if not everyone else too. Just a matter of time.

It's like this, nothing is ever going to be entitely safe. It's easy to sit here and talk about the obvious oversights, but understand overcomplicating things and adding too much security can actually cause just as much, or more, damage than a lack of security if you see accidents due to lack of response time, or counter-intuitive controls.

When it comes to airline security, and concerns about terrorism, there is never going to be a "perfect" system to protect the communications since even encryption can be broken, and really that's never going to be the primary threat since it will always take a very specific and uncommon skill set. The primary threat is always going to primarily come from people with bombs, or the more pressing concern of people finding ways to bust the hull and windows. Airplanes are durable, but the need for ultra-light alloys and such means that they will always be among the more fragile constructions. One thing I was reading a while ago was how close the whole "glass shattering ring" James Bond used in "Die Another Day" was and how you can break almost anything with the right sonic vibrations and such, and while we can't make a device quite that small, you can for example send cracks through a steel plate, shake a cinderblock to virtual dust, or break class, with fairly small devices about the size of a pack of cigarettes. This means in theory someone wanting to wreck a plane (or take control of it) could stick a device roughly the size of an android to a window, or even just the side of the passenger compartment, and probably kill everyone inside if he set it off (and could take control by threatening to set it off). No need for traditional explosives or anything else.... please note what I am describing here is within the realm of possibility but IS entirely hypothetical. Such a device might take skill to construct, but wouldn't require any paticular knowlege of encryption, plane communications, or avionics, to make use of.

In short, we're pretty damn vulnerable, especially when it comes to hypothetical attacks that are within the realm of possibility, whether it's hacking a plane's control codes, or cracking the hull/windows with sonic vibrations.

One of the reasons why I'm such a bastard when it comes to social issues is that I feel the best avenue towards security is to control the human factor to begin with, rather than being permissive and simply trying to control behavior (and enduring the battles that entails when people get pissy being told what to do on planes and such). I believe certain types of people should not be allowed on planes at all, and that will vary with current politics, and social trends. Basically if the US has tensions with a specific nation, culture, or whatever, people of that type
should not be allowed to board planes for the duration of the crisis. Especially if we have troops in someone's back yard (so to speak). It's not nice, or politically correct, but as I've said many times, I find it stupid to harass everyone and anyone to make a symbolic point when we're concerned about threats from a very specific group of people. Sure, at the end of the day anyone could be a terrorist/hijacker/whatver but I believe you can adjust the odds greatly with a bit of profiling, without having to get concerned over "OMG it will take 20 years to set up encryption" or freaking out because some kid wants to play a game boy, or some dude wants to read a kindle. This is however not a popular point of view.

Kross:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.

albino boo:

Kross:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.

This guy used a ground to air communication channel to upload the program. Sure he did it on a computer RUNNING the Flight control program but that is pretty much saying that the computer has to have wings and fly before it is a valid test. The computer on the plane is just that a computer with wings running that same program.

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

Kross:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

Because you do that right?

1337mokro:

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.

Atmos Duality:

1337mokro:

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.

Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.

Zombie_Moogle:
Well, drones just became a lot less intimidating. Delightful :P

(although this isn't the first time that came to light)

Actually drones, specifically military drones, are already using encrypted control communications, so they are safe from this type of thing, as of now at least. Some of them were using unencrypted video streams, so their targets and others could see what the drone sees.
This is for real life commercial airplanes.

1337mokro:

Atmos Duality:

1337mokro:

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.

Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.

You also have to trust the pilot will be skilled enough to realize what is happening and be able to take control successfully, which in light of what happened to that air France flight that went down in the Atlantic ocean a few years ago is no sure thing.

1337mokro:

albino boo:

Kross:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

This guy has only hacked a PC based ground simulator not the embedded system that is actually on the aircraft. The two systems are not the same. Just because you found a vulnerability on the PC does not mean you hack an ipad.

This guy used a ground to air communication channel to upload the program. Sure he did it on a computer RUNNING the Flight control program but that is pretty much saying that the computer has to have wings and fly before it is a valid test. The computer on the plane is just that a computer with wings running that same program.

In short he pointed out SERIOUSLY dangerous flaws in this system. On a side note Andy made me crap my pants because I did not know some airplanes no longer have a manual override. Thanks Andy, I could have died happily without ever knowing that.

He hacked a different program to the one that is used in real life. The simulator is not written to the SIL 3 level which required by law before an aircraft can fly. More specifically the on the on board system uses a Kalman filter to eliminate erroneous results. I know because I did spend 10 years of my life dealing with safety critical software in aircraft. The simulator is written to be a training aid, its does not matter if it crashes or can be spoofed so the programming is less rigours and cheaper than the real thing.

Your Gaffer:

1337mokro:

Atmos Duality:

Well, you actually could have died screaming in terror without knowing that...from a hack-hijacked plane if the universe is feeling ironic.

Would I not die screaming regardless of that knowledge? At least I would have died without knowing that my death could have been averted had they spent the 1000$ extra installing a manual override.

Now each time I fly I have to backcheck the plane's model number to see if it has a manual. No manual, no me on that thing.

You also have to trust the pilot will be skilled enough to realize what is happening and be able to take control successfully, which in light of what happened to that air France flight that went down in the Atlantic ocean a few years ago is no sure thing.

Different issue that was frozen pitot heads, the pilot turned off the autothrust system leading the aircraft to stall. If they had left the autothrust system on the plane would have never of stalled.

thenumberthirteen:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

You must be joking. Nobody is going to buy a second iPod just to use it on a flight, and even if they did they could still install hacking software on it after purchase. Besides, everybody takes mobile phones everywhere these days, you can't just leave that stuff behind. The most they could ever do is force all the phones into a big phone storage box and take all the batteries out, and they won't do that unless planes start falling from the skies.

thenumberthirteen:
The only reasonable answer to this is to simply ban all electronic devices on aeroplanes. This would have to include the cargo hold too as they could be set to automatically turn on and hack it somehow.

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

Yeah that's not exactly a reasonable answer. The reasonable one is to use some serious encryption on all the systems of the aircraft and air-ground communication but that'll take some time to get in motion. It's not like you can just roll out a software update on a fleet of aeroplanes.

Jadak:

thenumberthirteen:

That should be easy enough to do since they check bags already. I don't see how anyone could possibly object to it. They can buy iPods in the Airport store before they board the plane. Problem solved.

And then what? Have their phones, tablets, and probably any other electronic device have to be mailed to them to at a later date?

Right.. That's going to happen. Of course, the first time a plane is actually taken down the story might change...

Don't be ridiculous, mail those insanely dangerous devices? Obviously they must be thrown in a bin to be destroyed along with the toothpaste, shampoo and toothpicks!

Evil Smurf:

Kross:
You don't need to be on the airplane for this to work. You can use a strong signal to do it from the ground (it's hijacking/injecting air traffic control signals, which come from the ground)

Because you do that right?

Easier than using a strong signal to override the VHF navigation beacons, which is how the old South African Apartheid Government allegedly assassinated Samora Machel.

Your Gaffer:

Zombie_Moogle:
Well, drones just became a lot less intimidating. Delightful :P

(although this isn't the first time that came to light)

Actually drones, specifically military drones, are already using encrypted control communications, so they are safe from this type of thing, as of now at least. Some of them were using unencrypted video streams, so their targets and others could see what the drone sees.
This is for real life commercial airplanes.

Except the US government still use such weak encryption that the Iranians managed to hijack and crash-land one of the American drones, and more recently American researchers repeated it.

https://en.wikipedia.org/wiki/Iran-U.S._RQ-170_incident
http://www.popsci.com/technology/article/2012-06/researchers-hack-government-drone-1000-parts

EDIT: Edited next 2 posts into this, for compactness and clarity

EDIT: see my post above.

This article (released from the original source, of course. <3 Escapist) is an inadvertent evil. The technology may not have been released, but the IDEA has now. And the worst thing that can happen just from bragging about this kind of a breakthrough is now someone with ill intent will develop it in their own cave, with their goats, and actually use it against innocent people.

Ideas are powerful.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here