Planes Can Be Hacked With A Mobile Phone, Security Researcher Proves

A security researcher has demonstrated the ability to hack a commercial airliner with an Android phone.

Hugo Teso, a security consultant at n.runs AG in Germany, used a speech at the Hack In The Box Conference in Amsterdam to show how a hacker could take control of a plane - and crash it - from their seat.

Teso, who was formerly an airline pilot, explained how he was able to gather information about the plane, and then create an "exploit network" and an App known as PlaneSploit to manipulate it.

Using the phone he is able to send messages to the plane's Flight Management Systems and make the vehicle "dance to his tune".

The technique relies on two technologies - the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about the plane to air traffic controllers and vice versa, and the Aircraft Communications Addressing and Reporting System, which controls communications between planes.

By "spoofing" messages and sending them to a 'dummy' plane from his phone, he was able to demonstrate how a similar app could take control of a real jet.

According to Net-Security, the functions of the PlaneSploit app include:

  • Please go here: change the plane's route by tapping locations.
  • Define area: set filters based on a plane's location - ie when it reaches London, turn sharply down.
  • Visit ground: crash the plane
  • Kiss off: remove itself from the system
  • Be punckish: alert the pilot that something is wrong with alarms and flashing lights

Teso even showed how the phone itself can be used as the controller, allowing it to 'tilt' to move the plane.

Luckily, Teso is also one of the 'good guys'. His app is deliberately designed not to work with commercial jets, and he is already working with the industry to close the exploit holes.

But his work does raise the terrifying possibility that the next great plane disaster might not be caused by bombs or knives, but something which almost every passenger has in their pocket - their mobile phone.

Check out the full story over at Net-Security.

Popular in the Community