FAQFAQ   SearchSearch   MemberlistMemberlist  Chat Chat  UsergroupsUsergroups  CalendarCalendar RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Remote control of airliner demonstrated via smartphone!

 
Post new topic   Reply to topic    9/11, 7/7 & the War on Freedom Forum Index -> 9/11 & 7/7 Truth News
View previous topic :: View next topic  
Author Message
Alan_Firminger
New Poster
New Poster


Joined: 11 Apr 2013
Posts: 2

PostPosted: Fri Apr 12, 2013 10:47 am    Post subject: Remote control of airliner demonstrated via smartphone! Reply with quote

Researcher hacks aircraft controls with Android smartphone
http://www.theregister.co.uk/2013/04/11/hacking_aircraft_with_android_ handset/

This may give the TSA some ideas

By Iain Thomson in San Francisco Get more from this author

Posted in Security, 11th April 2013 01:12 GMT

A presentation at the Hack In The Box security summit in Amsterdam has demonstrated that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, spent three years developing the code, buying second-hand commercial flight system software and hardware online and finding vulnerabilities within it. His presentation will cause a few sleepless nights among those with an interest in aircraft security.

Teso's attack code, dubbed SIMON, along with an Android app called PlaneSploit, can take full control of flight systems and the pilot's displays. The hacked aircraft could even be controlled using a smartphone's accelerometer to vary its course and speed by moving the handset about.

"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."

First, Teso looked at the Automatic Dependent Surveillance-Broadcast (ADS-B) system that updates ground controllers on an aircraft's position over a 1Mb/s data link. This has no security at all, he found, and could be used to passively eavesdrop on an aircraft's communications and also actively interrupt broadcasts or feed in misinformation.

Also vulnerable is the Aircraft Communications Addressing and Reporting System (ACARS), the communication relay used between pilots and ground controllers. Using a Samsung Galaxy handset, he demonstrated how to use ACARS to redirect an aircraft's navigation systems to different map coordinates.

"ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," he said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."
Back to top
View user's profile Send private message
scienceplease 2
Trustworthy Freedom Fighter
Trustworthy Freedom Fighter


Joined: 06 Apr 2009
Posts: 1473

PostPosted: Fri Apr 12, 2013 12:21 pm    Post subject: Reply with quote

No details on the aircraft types but at a guess, it would include Boeing 757s and 767s....

Quote:
Researcher hacks aircraft controls with Android smartphone
Posted in Security, 11th April 2013 01:12 GMT

A presentation at the Hack In The Box security summit in Amsterdam has demonstrated that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, spent three years developing the code, buying second-hand commercial flight system software and hardware online and finding vulnerabilities within it. His presentation will cause a few sleepless nights among those with an interest in aircraft security.

Teso's attack code, dubbed SIMON, along with an Android app called PlaneSploit, can take full control of flight systems and the pilot's displays. The hacked aircraft could even be controlled using a smartphone's accelerometer to vary its course and speed by moving the handset about.

"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes. "That includes a lot of nasty things."

First, Teso looked at the Automatic Dependent Surveillance-Broadcast (ADS-B) system that updates ground controllers on an aircraft's position over a 1Mb/s data link. This has no security at all, he found, and could be used to passively eavesdrop on an aircraft's communications and also actively interrupt broadcasts or feed in misinformation.

Also vulnerable is the Aircraft Communications Addressing and Reporting System (ACARS), the communication relay used between pilots and ground controllers. Using a Samsung Galaxy handset, he demonstrated how to use ACARS to redirect an aircraft's navigation systems to different map coordinates.

"ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not," he said. "So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it's game over."

Teso was also able to use flaws in ACARS to insert code into a virtual aircraft's Flight Management System. By running the code between the aircraft's computer unit and the pilot's display he was able to take control of what the aircrew would be seeing in the cockpit and change the direction, altitude, and speed of the compromised craft.
Back to top
View user's profile Send private message
Alan_Firminger
New Poster
New Poster


Joined: 11 Apr 2013
Posts: 2

PostPosted: Sat Apr 13, 2013 4:55 pm    Post subject: Reply with quote

The original report is here .
Back to top
View user's profile Send private message
TonyGosling
Editor
Editor


Joined: 25 Jul 2005
Posts: 12299
Location: St. Pauls, Bristol, England

PostPosted: Thu Mar 13, 2014 12:20 pm    Post subject: Reply with quote

Vulnerabilities in aircraft systems allow remote airplane hijacking, researcher says
Communication technologies like ADS-B and ACARS can be abused to remotely exploit vulnerabilities in aircraft systems, a researcher said

By Lucian Constantin
April 11, 2013 04:04 AM ET
http://www.computerworld.com/s/article/9238320/Vulnerabilities_in_airc raft_systems_allow_remote_airplane_hijacking_researcher_says

IDG News Service - The lack of security in communication technologies used in the aviation industry makes it possible to remotely exploit vulnerabilities in critical on-board systems and attack aircraft in flight, according to research presented Wednesday at the Hack in the Box security conference in Amsterdam.

The presentation, by Hugo Teso, a security consultant at consultancy firm N.runs in Germany, who has also had a commercial pilot license for the past 12 years, was the result of the researcher's three-yearlong research into the security of avionics.

Teso showed how the absence of security features in ADS-B (automatic dependent surveillance-broadcast), a technology used for aircraft tracking, and ACARS (Aircraft Communications Addressing and Reporting System), a datalink system used to transmit messages between aircraft and ground stations via radio or satellite, can be abused to exploit vulnerabilities in flight management systems.

He did not experiment on real airplanes, which would be both dangerous and illegal, according to his own account. Instead Teso acquired aircraft hardware and software from different places, including from vendors offering simulation tools that use actual aircraft code and from eBay, where he found a flight management system (FMS) manufactured by Honeywell and a Teledyne ACARS aircraft management unit.

Using these tools, he set up a lab where he simulated virtual airplanes and a station for sending specifically crafted ACARS messages to them in order to exploit vulnerabilities identified in their flight management systems -- specialized computers that automate in-flight tasks related to navigation, flight planning, trajectory prediction, guidance and more.

The FMS is directly connected to other critical systems like navigation receivers, flight controls, engine and fuel systems, aircraft displays, surveillance systems and others, so by compromising it, an attacker could theoretically start attacking additional systems. However, this aspect was beyond the scope of this particular research, Teso said.

Identifying potential targets and gathering basic information about them via ADS-B is fairly easy because there are many places online that collect and share ADS-B data, such as flightradar24.com, which also has mobile apps for flight tracking, Teso said.

ACARS can be used to gather even more information about each potential target, and by combining this information with other open-source data, it is possible to determine with a fairly high degree of certainty what model of FMS a specific aircraft is using, Teso said.

After this is done, an attacker could send specifically crafted ACARS messages to the targeted aircraft to exploit vulnerabilities identified in the code of its FMS. In order to do this, the attacker could build his own software-defined radio system, which would have a range limit depending on the antenna being used, or he could hack into the systems of one of the two main ground service providers and use them to send ACARS messages, a task that would probably be more difficult, Teso said.

_________________
www.rethink911.org
www.actorsandartistsfor911truth.org
www.mediafor911truth.org
www.pilotsfor911truth.org
www.mp911truth.org
www.ae911truth.org
www.rl911truth.org
www.stj911.org
www.l911t.com
www.v911t.org
www.thisweek.org.uk
www.abolishwar.org.uk
www.elementary.org.uk
www.radio4all.net/index.php/contributor/2149
http://utangente.free.fr/2003/media2003.pdf
"The maintenance of secrets acts like a psychic poison which alienates the possessor from the community" Carl Jung
https://37.220.108.147/members/www.bilderberg.org/phpBB2/
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    9/11, 7/7 & the War on Freedom Forum Index -> 9/11 & 7/7 Truth News All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group