Aircraft Flight Management Systems Vulnerable To Attack... From A Smartphone...

broken-lock

If you want to talk about something frightening how does being able to crash a plane with little more than an Android Smartphone sound? This scenario that is right out of a movie script is apparently all too possible as was demonstrated at a talk by Hugo Teso. Teso who has 11-years of experience in IT and 12 as a commercial pilot combined what he knows about both fields and came up with a way to hack a plane.

To accomplish this feat he exploited two very central systems on commercial planes; ADS-B (Automatic Dependent Surveillance-Broadcast) and ACARS (Aircraft Communications Addressing and Reporting System). ADS-B is used to send information about the plane including ID, position, altitude, speed etc. This is part of the system that tells you where the plane is at and what it is doing. ADS-B sends out information to air traffic controllers and to other planes in the area. ACARS is pretty much a messaging system that can send information between controllers and other aircraft.

According to Teso these two systems are not secure at all and with simple tools he was able to gather information on planes to target them and then to send malicious messages to them to control their movements or to simulate problems that did not exist.  As you can imagine sending a fake proximity warning to a plane can cause some serious issues as would many other false failures.

Using a framework that he developed called SIMON and an app dubbed PlaneSploit Teso made quite a show with a few simulated planes. He was careful to point out that the exploit framework and the app would not work on real planes (he did not include all of that) but that the simulation did use the same communication methods that exist in today’s aircraft. According to Teso, once the SIMON framework is installed it is undetectable which makes it even more dangerous. There is no way to find and remove something like this meaning that an attacker can get this in place long before they attempt to control the target aircraft.

Teso’s current proof-of-concept is quite frightening in its simplicity and in the methods that can be used to identify and exploit aircraft. Someone could theoretically set up a remote station and scan for vulnerable aircraft, once they are identified they can push their exploit/payload to the plane and take control steering them where they want or even simply casing the plane to crash. If an attacker was even more ambitious they could compromise one of the two major transmission methods for the ACARS system SITA or ARINC and their range would be almost unlimited.

The good news here is that some of this can be fixed. Newer aircraft and computer systems can be patched to remove the exploit, but some older equipment cannot be fixed. This would mean costly replacement and we have to wonder if some of the bean counters out there would feel that the risk is too small to foot the bill. We also have to wonder if other flight management systems are vulnerable to this type of exploit. Would it be possible to exploit a drone using something similar to this attack? We know that GPS spoofing has been used on some simply because the GPS systems they use are not encrypted. We are hoping that military drones and other aircraft are not vulnerable to this, but what about the drones that are being prepped for civilian sales and uses?
We have to echo Hugo Teso’s concerns that an industry like the aviation industry, would leave something like this so open and vulnerable to exploit and attack. You would think that security and safety would be the number one concern. We do hope that the proof of concept shown off by Hugo Teso does motivate the industry to take a long hard look at the security of their computer and flight control systems to make sure that they are not vulnerable to further attacks. With the rapid way cyber-warfare is ramping up we are sure that someone would see this as a very effective weapon sooner or later…

What do you think about this exploit? Tell us in our Forum

No comments

Leave your comment

In reply to Some User