Imagine the kind of havoc a malicious hacker could cause if he or she were able to take over an airplane simply using his Android
phone. With a tap of his or her fingers, the hacker could arbitrarily
control the plane remotely and redirect its path. If you think this is
only something that could happen in a Hollywood movie, think again,
because that's exactly the scenario a German security researcher laid
out on Wednesday at a conference in Amsterdam.
Hugo Teso, a security researcher for the German IT consultancy firm N.Runs — he is a trained commercial pilot as well — explained at the Hack in the Box
security conference that a protocol used to transmit data to commercial
airplanes can be hacked, turning the hacker into a full-fledged
hijacker.
The flawed protocol is a data exchange system called Aircraft Communications Addressing and Report System, or ACARS.
Exploiting its flaws, as well as the bugs found in flight management
software made by companies like Honeywell, Thales, and Rockwell Collins,
Teso maintains he can take over a plane by sending it his own malicious
radio signals. To do that, he has created an exploit framework,
codenamed SIMON, and an Android app called PlaneSploit that can
communicate with the airplanes' Flight Management Systems (FMS).
"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes' Andy Greenberg in an interview. "That includes a lot of nasty things."
The key to Teso's hack is that ACARS doesn't have any encryption or
authentication features, so the plane can't distinguish between signals
that are coming from a hacker or an airport's ground station. That way,
he or she could potentially send spoofed malicious signals to affect the
behavior of the plane. In the presentation (see the slides here),
Teso showed how he could control a virtual plane using the Android app
he developed, and explained that he experimented on hardware purchased
on eBay along with FMS training simulation software.
Authorities like the Federal Aviation Administration (FAA), as well as Honeywell, however, don't believe his hack could be reproduced in real life.
In a statement sent to media, the FAA said it is aware of
Teso's presentation on Wednesday, but noted that the "hacking
technique" he described "does not pose a flight safety concern because
it does not work on certified flight hardware."
In fact, "the described technique cannot engage or control the aircraft’s autopilot
system using the FMS or prevent a pilot from overriding the autopilot,"
the statement continues. "Therefore, a hacker cannot obtain 'full
control of an aircraft' as the technology consultant has claimed."
Honeywell, on its part, has expressed the same view. "As Teso readily
admits, the version he used of our flight management system is a
publicly available PC simulation, and that doesn’t have the same
protections against overwriting or corrupting as our certified flight
software," Honeywell spokesperson Scott Sayres told Forbes.
Teso's fellow security researcher and supervisor Roland Ehlies counters
that the hack "would work with at minimum a bit of adaptation" on real
planes and software.
Either way, both Teso and Sayres agree that whatever a hacker might
do, the pilots could be able to override the malicious commands on
board. In any case, instead of hijacking the plane, the hacker might
still be able to make the cockpit's lights blink wildly or the
passenger's pressurized air masks drop.
Even if Teso's hack proves not to be reproducible on real planes,
some of the flaws he exposed could still cause issues. And this is not
the first time security researchers and hackers have exposed serious
flaws in modern aviation systems.
Last year, at the famed Black Hat
security conference in Las Vegas, another researcher showed the
vulnerabilities of the next generation air traffic control system, the
Automatic Dependent Surveillance-Broadcast (ADS-B).
In his presentation, Andrei Costin, a doctoral candidate in France,
showed that it was possible to send and inject spoofed messages into the
systems, making imaginary planes appear on the screens of air traffic controllers.
Update, 6:47 p.m.: The European Aviation Safety
Agency (EASA) is in accordance with its American counterpart and
Honeywell in downplaying the hack. In an email statement to one of the media, an EASA spokesperson, said that "this presentation was
based on a PC training simulator and did not reveal potential
vulnerabilities on actual flying systems," and "in particular, the FMS
simulation software does not have the same overwriting protection and
redundancies that is included in the certified flight software."
0 comments:
Post a Comment