Better Brighter Future Delayed: Commercial Airliners Vulnerable To Hacks Via Android
As the technology that will one day network cars together and reorganize the roads in the name of safety and efficiency continues to rush towards us, word comes that the computerized systems used to control commercial aircraft in flight are now vulnerable to hackers via android devices. Net-Security.org is reporting on an April 10th presentation at the “Hack in the Box Conference” by German security consultant Hugo Teso during which he demonstrates how a wireless device can be used to transmit malicious code into an aircraft’s computer through at least two different systems currently used to exchange information between aircraft and ground stations. Those of you who are already afraid to fly will want to read all of the excruciating details here: http://www.net-security.org
Like many people, I believe that the highways of the future will be heavily automated. The possibilities of computerized roads are enormous and the technology could change the way our society functions by combining the benefits of cheap, efficient public transportation with the convenience enjoyed by car owners today. Imagine a world where a car will arrive at your doorstep moments before you leave for work, carry you in comfort and privacy on a trip that will meet with no traffic jams, stop at no lights, and during which you will be free to watch TV, browse the internet, catch a nap or just look out the window. Upon dropping you off, the car will then head off to its next customer or, if you are one of the Neanderthals who insist on owning your own vehicle, head off to a designated parking facility until you summon it again.
That future is heavily dependent upon the seamless integration of a number of networks and like modern aircraft, cars of the future will need to exchange a great deal of data to coordinate even the simplest of trips. Within that coordination lies the opportunity for mayhem and our lives will hang in the balance. While I look forward to that better, brighter future, for the time being I will keep my feet firmly on the ground and my hands wrapped around the steering wheel.
More by Thomas Kreutzer
Comments
Join the conversation
As someone prior to me stated, you can't just do this with an off-the-shelf Android device. These types of demos happen at any and all decent network security conferences, it's all about displaying proof of concept. The idea is that security personnel become aware of the issue that the hackers have uncovered, and take action before a genuinely malicious actor takes advantage of the hole. In order to execute an attack on any electronic device you need two things: an exploit and access. Google doesn't prepackage their devices with an OMGAiRplAneHaX exploit framework, and while the details surrounding exactly how you access a plane in flight is a little fuzzy to me, I'm going to guess that it's more complicated than simply pinging an IP address or sending a text message. Still, it can't be so complicated that a determined attacker couldn't figure it out. All that said, so long as the pilot in charge of the plane is made aware of any adjustments to their flight system, and have the ability to take manual control of the plane at any point... I wouldn't be terribly afraid of getting on a plane. Although I do hope that the airline industry starts to take this seriously, because if these systems are *that* vulnerable a single nasty piece of malware could be catastrophic.
FAA has apparently consulted with the hacker and subsequently debunked his hack. http://www.securityweek.com/faa-dismisses-planesploit-creators-claims