Hacker hijacks plane remotely with an Android smartphone

Here’s a nightmare scenario: you’re on a dream vacation to Paris, the flight seems to be going smoothly. But then the pilot realizes the plane is circling over China, drastically off course. Only later is it revealed that a hijacker has remotely accessed the plane’s systems and plotted a new destination, all from a basic Android smartphone. If it sounds almost too scary to be true, well, then you probably should feel a bit nervous right now.

At the Hack in the Box security conference in Amsterdam, Hugo Teso successfully demonstrated how easily an airplane could be hijacked remotely using a simple Android app called PlainSploit. The app has the ability to redirect a flight, cause a ruckus in the cockpit by activating the plane’s alarms and dash lights, or, more nefariously, crash a jet directly into the ground. Thankfully Teso’s talk on aircraft hacking only targeted a virtual airplane system, but it exposed some very real weaknesses in current aviation security.

Notably, the demonstration points out a weakness or total lack of security in several systems, such as the Automated Dependent Surveillence-Broadcast (crucial in radar tracking of planes) and the text system used to communicate between aircraft and ground control.

The good news is that Teso has no plans to make PlaneSploit available on the Google Play Store, and even with the app a hacker still needs access to a set of hardware including a radio transmitter. If anything, here’s hoping the security holes exposed by his experiments urge those in the aviation industry to address any issues before a real tragedy occurs.

[via ComputerWorld]

Continue reading:

TAGS:



  • marefin386

    This is a great article read just before me boarding my flight just now…

  • registeringwithdisqusisapain

    Here’s what I’m afraid will happen as a result of people being idiots.

    1. Idiot congressperson reads article.
    2. Idiot congressperson decides that the TSA should confiscate all Android phones to prevent this from happening.
    3. TSA listens to idiot congressperson.
    4. Someone uses this method from a garden variety laptop computer and takes down a plane because the problem was never an Android problem to begin with, it’s a *unsecured network services problem*.
    5. Idiot congressperson gets re-elected, because people are idiots.

    • http://twitter.com/KnowScott Scott Stafford

      You have amazing future reading abilities.

    • http://twitter.com/PhoR11 Bradley Baustert

      You forgot:
      6. Idiot congressperson #2 slips in a clause to said bill anonymously that benefits oil/gas companies, yet doesn’t understand why the public thinks his second job “working” as a contractor for oil/gas companies should be illegal.

  • pr0xidian

    Android. In your phone, in your t.v., in space thanks to NASA, and now used for hacking. Is there anything android can’t do?!

    • ZzBallykingzZ

      Whatever you want to do….Droid does!

  • godrilla

    its like watch dogs in real life.

  • SpackJarrow

    Apparently according to the guys in charge at various airlines have already come out and said this can’t be done on the software running on the aircraft’s only on the simulation software the guy got his hands on.

    Still impressive non the less though.

    • kwaping

      Of course they’re going to say that. But is it true?

  • http://twitter.com/PhaseBurn PhaseBurn

    It’s very important to note that these tests (“hacks”) were conducted in a simulator, with appropriate hardware (RF Transmitors and the like), that tapped into a unified electronics system (all parts connected to the same network). In real aircraft, those systems are segregated making sure one can’t affect the other too easily, and, the “find folks” (*cough*) at the TSA are not supposed to let any RF transmitters of the kind required for this hack to board an actual plane.

    That being said, there is simply no excuse for the security vulnerabilities in the protocol itself, and it does need to be addressed, but the good news is that it isn’t NEARLY as simple as taking an Android phone onto a plane and taking full control. Not to mention the pilot and co-pilots can override the automated controls at ANY point, also.

  • guitarist5122

    They need to release this to the play store so I can reroute my cheap Vegas flight to Hawaii.

    • Blowfish

      The plane would probably run out of fuel and it would crash before getting to Hawaii, that is if your flight is coming from east of Vegas.

  • a) youth.in.asia

    He was beta testing on 9|11|2001

  • tom-e

    ACARS only provides info, it cannot control anything. I am an airline pilot.

    • briankh

      Right! I discussed this on another website when this came up yesterday. I don’t see any way this is possible. As a current Airbus and Boeing pilot, electrical engineer, FAA accident subject matter expert, and A&P this is not even possible. The pilot can ALWAYS override the aircraft systems. Look at the accident in Buffalo, NY a couple years ago when the captain over road the autopilot which was trying to get the aircraft out of a stall. The autopilot let the captain crash the plane. I am calling Bravo Sierra on this!

  • Brendan Heckman

    Over hyped lies and inconsistent facts. Read here: http://www.askthepilot.com/hijacking-via-android/

  • Sean Daniel

    Read about this in Engadget the other day. PLEASE stop making your articles’ titles so misleading. It is getting old.

  • androidscales

    just watch your step..lotta bullish* t here

  • josh miller

    In related news, the TSA has read this article and realized that the only way to truly make an airplane safe is to mandate that all planes have their seats replaced with these http://www.halloweenforum.com/attachments/halloween-props/5370d1250188240-my-electric-chair-img_1174.jpg

  • rajendra82

    Hacker remotely hijacks plane with an android phone and guides it to a different destination. Airplane lands at said destination. Everybody gets off the plane and leaves. Hacker does facepalm.

  • ianken

    Hey. Look at the yellow journalism. Nice.

  • Eric Silva

    I am an Air Traffic Controller and involved in the installation of ADS-B at the airport where I work.

    Automated Dependent Surveillence-Broadcast or ADS-B is far different than ACARS, ADS-B is a portion of the “NextGen” technology or Next Generation Air Traffic technology that is GPS satellite based. ADS-B isn’t being used to separate aircraft in the lower 48 US. There are stations in use in south Florida, but that is only being used for pilot information. Weather and NOTAM information is what the ADS-B system is being used for right now. In years into the future, ADS-B will be used to separate aircraft, but not now.

    ACARS is used primarily by airlines, whereas ADS-B will be required for all aircraft operating in all airspace requiring a transponder starting in 2020. Those airspaces are class A,B,C. Not necessary for class D.

    This hack is highly implausible, but apparently could be possible. If this is possible, in the US this will not be anything to worry about for years. However I would believe the FAA and Excellis (ADS-B Contracting company) will have any of these vulnerabilities taken care of soon.

  • Robert Irving