Estimated read time: 2-3 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
AMSTERDAM — A former pilot says he can hack an airplane using his Android smartphone, allowing him to hijack the plane remotely and change internal settings, send it to a different destination or even crash it.
Hugo Teso, a security researcher for a German consultancy firm, presented the information Wednesday at the Hack in the Box security conference in Amsterdam. He said by using an Android smartphone, a radio transmitter and flight management software, he could hijack a protocol used to send data to aircraft and exploit issues with flight management systems.
Radio signals could then be used to force planes on autopilot to change direction, speed or altitude.
"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."
Teso created the Android app PlainSploit that, along with a separate exploit framework, allowed him to demonstrate his abilities.
He hasn't tested his software on an actual plane, though, due to the inherent danger of the experiment. He's instead confined his tests to various parts of aircraft hardware and software, as well as a simulation tool that uses the same code used by commercial aircraft.
The intention of the app isn't to aid terrorists, he said. Rather, he hopes airlines will use it to identify and fix holes in their current security networks, according to CTV News.
The Federal Aviation Administration has dismissed concerns raised since the conference.
#poll
"FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware," the FAA said in a statement. "The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot.
"Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed," the statement continued.
Despite the FAA's claims, at least one senator is urging the departments of transportation and homeland security to take a closer look at Teso's claims. In an April 13 letter addressed to the departments' secretaries, Sen. Frank Lautenberg, D-N.J., said he was "deeply concerned" about the situation.
"Any technology that could be used to attack and exploit airline security software should be thoroughly investigated, and I urge you to take necessary steps to examine the veracity of this threat and address any deficiencies in our security systems that could leave any aircraft open to attack," he wrote, according to the Star-Ledger.
