Better Brighter Future Delayed: Commercial Airliners Vulnerable To Hacks Via Android

Thomas Kreutzer
by Thomas Kreutzer

As the technology that will one day network cars together and reorganize the roads in the name of safety and efficiency continues to rush towards us, word comes that the computerized systems used to control commercial aircraft in flight are now vulnerable to hackers via android devices. Net-Security.org is reporting on an April 10th presentation at the “Hack in the Box Conference” by German security consultant Hugo Teso during which he demonstrates how a wireless device can be used to transmit malicious code into an aircraft’s computer through at least two different systems currently used to exchange information between aircraft and ground stations. Those of you who are already afraid to fly will want to read all of the excruciating details here: http://www.net-security.org

Like many people, I believe that the highways of the future will be heavily automated. The possibilities of computerized roads are enormous and the technology could change the way our society functions by combining the benefits of cheap, efficient public transportation with the convenience enjoyed by car owners today. Imagine a world where a car will arrive at your doorstep moments before you leave for work, carry you in comfort and privacy on a trip that will meet with no traffic jams, stop at no lights, and during which you will be free to watch TV, browse the internet, catch a nap or just look out the window. Upon dropping you off, the car will then head off to its next customer or, if you are one of the Neanderthals who insist on owning your own vehicle, head off to a designated parking facility until you summon it again.

That future is heavily dependent upon the seamless integration of a number of networks and like modern aircraft, cars of the future will need to exchange a great deal of data to coordinate even the simplest of trips. Within that coordination lies the opportunity for mayhem and our lives will hang in the balance. While I look forward to that better, brighter future, for the time being I will keep my feet firmly on the ground and my hands wrapped around the steering wheel.

Thomas Kreutzer
Thomas Kreutzer

More by Thomas Kreutzer

Comments
Join the conversation
3 of 16 comments
  • Mykl Mykl on Apr 15, 2013

    As someone prior to me stated, you can't just do this with an off-the-shelf Android device. These types of demos happen at any and all decent network security conferences, it's all about displaying proof of concept. The idea is that security personnel become aware of the issue that the hackers have uncovered, and take action before a genuinely malicious actor takes advantage of the hole. In order to execute an attack on any electronic device you need two things: an exploit and access. Google doesn't prepackage their devices with an OMGAiRplAneHaX exploit framework, and while the details surrounding exactly how you access a plane in flight is a little fuzzy to me, I'm going to guess that it's more complicated than simply pinging an IP address or sending a text message. Still, it can't be so complicated that a determined attacker couldn't figure it out. All that said, so long as the pilot in charge of the plane is made aware of any adjustments to their flight system, and have the ability to take manual control of the plane at any point... I wouldn't be terribly afraid of getting on a plane. Although I do hope that the airline industry starts to take this seriously, because if these systems are *that* vulnerable a single nasty piece of malware could be catastrophic.

  • Robert.Walter Robert.Walter on Apr 17, 2013

    FAA has apparently consulted with the hacker and subsequently debunked his hack. http://www.securityweek.com/faa-dismisses-planesploit-creators-claims

    • Mykl Mykl on Apr 17, 2013

      This does not mean that certified flight systems are invulnerable. It just means that either the specific technique used in this exploit did not work. It's entirely possible that the exploit would still work with a trivial tweak, but the FAA isn't going to advertise that for obvious reasons. However, that the FAA was so responsive to this makes me feel good about flying. If they're taking it this seriously I don't think we have much to worry about.

  • Lorenzo Heh. The major powers, military or economic, set up these regulators for the smaller countries - the big guys do what they want, and always have. Are the Chinese that unaware?
  • Lorenzo The original 4-Runner, by its very name, promised something different in the future. What happened?
  • Lorenzo At my age, excitement is dangerous. one thing to note: the older models being displayed are more stylish than their current versions, and the old Subaru Forester looks more utilitarian than the current version. I thought the annual model change was dead.
  • Lorenzo Well, it was never an off-roader, much less a military vehicle, so let the people with too much money play make believe.
  • EBFlex The best gift would have been a huge bonfire of all the fak mustangs in inventory and shutting down the factory that makes them.Heck, nobody would even have to risk life and limb starting the fire, just park em close together and wait for the super environmentally friendly EV fire to commence.
Next