Hijacking Airplanes With an Android Phone

An anonymous reader writes "Until today, hacking and hijacking planes by pressing a few buttons on an Android mobile app has been the stuff of over-the-top blockbuster movies. However, the talk that security researcher and commercial airplane pilot Hugo Teso delivered today at the Hack in the Box conference in Amsterdam has brought it into the realm of reality and has given us one more thing to worry about and fear (presentation slides PDF). One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently in the air in their vicinity. The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter. Both of these technologies are massively insecure and are susceptible to a number of passive and active attacks. Teso misused the ADS-B to select targets, and the ACARS to gather information about the onboard computer as well as to exploit its vulnerabilities by delivering spoofed malicious messages that affect the'behavior' of the plane."

Secure it.....

[Murdoch5]

You designed a broken system that remained hidden, now that it's out fix it!

Re:It has?

[Obfuscant]

They were executing a man in the middle attack against aircraft and their ground based navigation infrastructure.

A MITM attack requires intercepting the original message and replacing it with a modified version. That's not what was happening in DH2. In DH2 they were allegedly modifying the original message itself, in a way that is ridiculously impossible.

A MITM would have the black hats intercepting the ILS radio signals and modifying them. There would be no need to do that, since all you need is the ability to transmit your own ILS signal. That would have required the physical presence of a transmitter several hundred feet prior to the threshold in order to put the TDZE below ground. You cannot do that by simply changing the signals transmitted by the FAA ILS system itself.

Re:I call BS

[msmart13]

Incorrect. ADS-B has two components, FIS-B for weather and TIS-B for traffic. If you spoof airplanes via ADS-B you can trigger the exact same kinds of collision avoidance alerts and pilot reactions as a spoofed TCAS. http://en.wikipedia.org/wiki/Automatic_dependent_surveillance-broadcast#Traffic_information_services-broadcast_.28TIS-B.29 [wikipedia.org]

Unlikely

[borgasm]

IAAP

The concept of using ADS-B to spoof position reporting doesn't hold water, since there are backup systems (Mode C/S xpdr)...though it may trigger a traffic alert on a neighbor's TCAS if it only relies on ADS-B reports (which it shouldn't). You can't control anything with just ADS-B spoofing.

Hacking the FMS via something like vulnerability in the ACARS receive stack....ok that might be in the realm of possibility. Except its not very useful, because any deviation of course or altitude would be detected by the pilots and ATC nearly immediately. Redundancy is built in at the human level.

Re:Well I'm sold!

[AK Marc]

Humans are about the worst possible software to be in control of a car. If the bar is "better than the average human" we passed that 10 years ago. But the bar is "better than the best human under all possible (not just likely, possible) circumstances" which we are close to, but can't even test, so we aren't sure how close we are. Humans are very susceptible to hacks as well. People pulled over by fake cops, then robbed and killed. People who kill themselves trying to avoid wildlife. Missing or misunderstanding traffic signals. It'd be hard to build functional software as bad at driving as humans are.