Here’s a nightmare scenario: you’re on a dream vacation to Paris, the flight seems to be going smoothly. But then the pilot realizes the plane is circling over China, drastically off course. Only later is it revealed that a hijacker has remotely accessed the plane’s systems and plotted a new destination, all from a basic Android smartphone. If it sounds almost too scary to be true, well, then you probably should feel a bit nervous right now.
At the Hack in the Box security conference in Amsterdam, Hugo Teso successfully demonstrated how easily an airplane could be hijacked remotely using a simple Android app called PlainSploit. The app has the ability to redirect a flight, cause a ruckus in the cockpit by activating the plane’s alarms and dash lights, or, more nefariously, crash a jet directly into the ground. Thankfully Teso’s talk on aircraft hacking only targeted a virtual airplane system, but it exposed some very real weaknesses in current aviation security.
Notably, the demonstration points out a weakness or total lack of security in several systems, such as the Automated Dependent Surveillence-Broadcast (crucial in radar tracking of planes) and the text system used to communicate between aircraft and ground control.
The good news is that Teso has no plans to make PlaneSploit available on the Google Play Store, and even with the app a hacker still needs access to a set of hardware including a radio transmitter. If anything, here’s hoping the security holes exposed by his experiments urge those in the aviation industry to address any issues before a real tragedy occurs.