A security researcher's claim that he can redirect a commercial aircraft using only his smartphone has been questioned by safety authorities.
We have all been annoyed by airline staff telling us to turn off our phones, tablets and e-readers before take-off, grumbling that these devices will have no real impact on the ability of the plane to stay in the air.
New research could change all that, with a security researcher showcasing an Android app which he says could be used to change the plane's direction, speed and altitude.
Speaking at the Hacking In The Box conference in Amsterdam on Thursday, Hugo Teso, a security researcher for the German IT consultancy N.Runs, revealed three years of research into the systems used to send data to commercial aircraft and the flight management systems (FMS) used on board, reports Forbes.
He says he discovered that the protocol used to send messages to aircraft, called Aircraft Communications Addressing and Report System (ACARS), has no security at all, while bugs in the FMS built by companies like Honeywell, Thales and Rockwell Collins allowed him to create an Android app which, with the tap of his finger, would change a plane's direction, altitude, speed and the pilots' display.
"ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," Teso said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."
Teso demonstrated the technique on stage in Amsterdam using a Samsung Galaxy smartphone and the map app he had created for the purpose, redirecting a virtual plane with a single tap.
Teso did not reveal the flaws he found in the software, saying he had been in touch with both the European Aviation Safety Administration (EASA) and the Federal Aviation Authority (FAA) in the US, both of which question the real-world implications of the research.
The FAA came out strongly against Teso's claims, saying:
"The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware.
"The described technique cannot engage or control the aircraft's autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain "full control of an aircraft" as the technology consultant has claimed."
The EASA was somewhat more restrained in its reaction to the research:
"For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software."
Honeywell confirmed it has spoken to Teso about his research, but is not conceding that it presents a real-world problem:
"We take this seriously and we're going to work with N.Runs to assess this," Honeywell spokesperson Scott Sayres told Forbes. "But as Teso readily admits, the version he used of our flight management system is a publicly available PC simulation, and that doesn't have the same protections against overwriting or corrupting as our certified flight software."
Rockwell Collins also spoke to Forbes, saying that controlling a virtual plane on stage does not equate to doing the same thing with a real aircraft:
"Today's certified avionics systems are designed and built with high levels of redundancy and security. The research by Hugo Teso involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."