Better Brighter Future Delayed: Commercial Airliners Vulnerable To Hacks Via Android

Thomas Kreutzer
by Thomas Kreutzer
better brighter future delayed commercial airliners vulnerable to hacks via android

As the technology that will one day network cars together and reorganize the roads in the name of safety and efficiency continues to rush towards us, word comes that the computerized systems used to control commercial aircraft in flight are now vulnerable to hackers via android devices. is reporting on an April 10th presentation at the “Hack in the Box Conference” by German security consultant Hugo Teso during which he demonstrates how a wireless device can be used to transmit malicious code into an aircraft’s computer through at least two different systems currently used to exchange information between aircraft and ground stations. Those of you who are already afraid to fly will want to read all of the excruciating details here:

Like many people, I believe that the highways of the future will be heavily automated. The possibilities of computerized roads are enormous and the technology could change the way our society functions by combining the benefits of cheap, efficient public transportation with the convenience enjoyed by car owners today. Imagine a world where a car will arrive at your doorstep moments before you leave for work, carry you in comfort and privacy on a trip that will meet with no traffic jams, stop at no lights, and during which you will be free to watch TV, browse the internet, catch a nap or just look out the window. Upon dropping you off, the car will then head off to its next customer or, if you are one of the Neanderthals who insist on owning your own vehicle, head off to a designated parking facility until you summon it again.

That future is heavily dependent upon the seamless integration of a number of networks and like modern aircraft, cars of the future will need to exchange a great deal of data to coordinate even the simplest of trips. Within that coordination lies the opportunity for mayhem and our lives will hang in the balance. While I look forward to that better, brighter future, for the time being I will keep my feet firmly on the ground and my hands wrapped around the steering wheel.

Join the conversation
3 of 16 comments
  • Mykl Mykl on Apr 15, 2013

    As someone prior to me stated, you can't just do this with an off-the-shelf Android device. These types of demos happen at any and all decent network security conferences, it's all about displaying proof of concept. The idea is that security personnel become aware of the issue that the hackers have uncovered, and take action before a genuinely malicious actor takes advantage of the hole. In order to execute an attack on any electronic device you need two things: an exploit and access. Google doesn't prepackage their devices with an OMGAiRplAneHaX exploit framework, and while the details surrounding exactly how you access a plane in flight is a little fuzzy to me, I'm going to guess that it's more complicated than simply pinging an IP address or sending a text message. Still, it can't be so complicated that a determined attacker couldn't figure it out. All that said, so long as the pilot in charge of the plane is made aware of any adjustments to their flight system, and have the ability to take manual control of the plane at any point... I wouldn't be terribly afraid of getting on a plane. Although I do hope that the airline industry starts to take this seriously, because if these systems are *that* vulnerable a single nasty piece of malware could be catastrophic.

  • Robert.Walter Robert.Walter on Apr 17, 2013

    FAA has apparently consulted with the hacker and subsequently debunked his hack.

    • Mykl Mykl on Apr 17, 2013

      This does not mean that certified flight systems are invulnerable. It just means that either the specific technique used in this exploit did not work. It's entirely possible that the exploit would still work with a trivial tweak, but the FAA isn't going to advertise that for obvious reasons. However, that the FAA was so responsive to this makes me feel good about flying. If they're taking it this seriously I don't think we have much to worry about.

  • Arthur Dailey I grew up in an era when a teenager could work pumping gas or bussing tables and be able to purchase a vehicle for a couple of thousand dollars and drive it with 'uninsured' status.If a parent advised on the purchase of the vehicle, they would most often point us to a large, stripped/base version, domestic sedan with the smallest possible engine.These cars generally had terrible driving dynamics and little to no safety features, but were easy to work, had large bench seats/interiors and not enough power to get out of their own way.
  • MaintenanceCosts I'll guess: 3rd owner, never did even basic maintenance, major component failed, car got towed from the apartment complex parking lot, no one bought it at auction because the repair bill exceeded the value.The chrome pillar appliques support this hypothesis.
  • MaintenanceCosts I'm generally in the "I want them to have all the new safety stuff" camp, but new cars are both too fast and too isolating these days. They mask speed enough that a new driver can get way in over his head without really realizing he's even going that fast. This is especially a concern with my youngest, who wants to do everything he does faster. (He has zero fear tearing down hills at 25 mph on his little 20" wheel bike.) I'm hoping for something that is slow and communicates speed well, although I'm not quite sure there is any such thing in today's market.
  • KOKing I test-drove a used Equus Ultimate (the one with all the back seat doodads) that was a trade-in at a Ford dealer, and although it was VERY nice to be in as a Lexus LS with Ultra Luxury, it was supposedly in a minor fender-bender that probably wasn't repaired correctly (like a pinched bus cable or something?), and random features didn't work at all.I think this car suffered the same problem in the US that the VW Phaeton did, and probably would've done better if it was badged a Genesis from the get-go.
  • Analoggrotto Tesla owners are still smarter than anyone else, regardless.