Hijacking An Airplane No Longer Science Fiction by Connie H. Deutsch After 9/11, we became paranoid about airport security. We couldn't even take lip balm or nail clippers on airplanes. TSA agents have been allowed to get away with sexual pat-downs and confiscating expensive items for phony reasons that are unrelated to airport security. But now we're hearing the worst news of all. A German security consultant, who's also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely, using just an Android phone. Speaking at the Hack in the Box security summit in Amsterdam, the Netherlands, Hugo Teso said Wednesday that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit. Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. Current security systems don't have strong enough authentication methods to make sure the commands are coming from a legitimate source, he said. "You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes after his presentation. "That includes a lot of nasty things." Hugo Teso told a crowd at an Amsterdam conference that he spent three years coding the tools he used. He told the crowd that the tools also could be used to do things like change what's on a pilot's display screen or turn off the lights in the cockpit. With the Android app he created, he said he could remotely control a plane by simply tapping pre-loaded commands like "Please Go Here" and the ominous "Visit Ground." Teso says he developed SIMON in a way that makes it work only in virtual environments, not on actual aircraft. "His testing laboratory consists of a series of software and hardware products, but the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario," analysts at Help Net Security wrote in a blog post. Teso told the crowd that he used flight-management hardware that he bought on eBay and publicly available flight-simulator software that contains at least some of the same computer coding as real flight software. Analyst Graham Cluley of Sophos Security said it's unclear how devastating Teso's find would be if unleashed on an actual airplane. "No one else has had an opportunity to test this researcher's claims as he has, thankfully, kept secret details of the vulnerabilities he was able to exploit," Cluley said. "We are also told that he has informed the relevant bodies, so steps can be taken to patch any security holes before someone with more malicious intent has an opportunity to exploit them." Teso said at the summit that he's reached out to the companies that make the systems he exploited and that they were receptive to addressing his concerns. He also said he's contacted aviation safety officials in the United States and Europe. "From the sound of things, this researcher has got himself a lot of media attention, but still believes in responsible disclosure, rather than potentially putting aircraft and passengers at risk," Cluley said. Teso isn't the first so-called "white hat" hacker to expose what appear to be holes in air-traffic security. Last year, at the Black Hat security conference in Las Vegas, computer scientist Andrei Costin discussed weaknesses he said he found in a new U.S. air-traffic security system set to roll out next year. The flaws he found weren't instantly catastrophic, he said, but could be used to track private airplanes, intercept messages and jam communications between planes and air-traffic control. Right now, this app is being used in virtual environments, not on actual aircraft. Teso, who has spent the last three years developing a framework of malicious code and testing it out on flight simulations, is just demonstrating the app's ability to breach airline security software. However, when something like this comes to media attention, it isn't too much longer before someone with malevolent intent and the same kind of expertise comes along who will try to use it in the real world. Connie H. Deutsch is an internationally known business consultant and personal advisor who has a keen understanding of human nature and is a natural problem-solver. She is known throughout the world for helping clients find workable solutions to problems that are often complex and systemic in nature and part of a corporation's culture or an individual's pattern of behavior. Connie has hosted her own weekly radio show, been a weekly guest on a morning radio show, done guest spots on radio shows around the country, and appeared as a guest on a cable television show. Connie wrote a weekly newspaper Advice Column for sixteen years and has been invited to speak at local colleges and given lectures around the country. She also wrote the scripts for a weekly financial show on cable television. Connie is the author of the books, "Whispers of the Soul," "A Slice of Life," and "The Counseling Effect," and is the co-author of an eBook, "Getting Rich While the World Falls Apart" which is being offered as a free download on her website. She has also written and produced two CDs on Meditation and Relationships and has done coaching on customer service and employee relationships. Her website: http://www.conniehdeutsch.com/ See more of her articles by clicking here ConnieHDeutsch Articles
Related Articles -
airplane, hijacking, remote hijacking, air-traffic, security holes, flight-simulator software, Android phone, flight-management hardware, eBay, breach,
|