At Hack in the Box: Hacking an Airplane With Only an Android Phone
Hugo Teso Shares PlaneSploit Findings
At the Hack In The Box conference in Amsterdam, security consultant Hugo Teso demonstrated PlaneSploit, an app he developed that can take control of certain systems aboard an airplane and cause it to change direction or just crash itself into the ground.
“It’s amazing to discover that aviation – an industry where safety is of vital importance and every physical element has one or even two fail-safe mechanisms – is failing to secure the onboard computer, the heart and brain of the plane.”
As detailed on the net-security website, an extremely well attended talk at the event by Hugo Teso, a security consultant at n.runs AG in Germany, covered the completely realistic scenario of plane hijacking via a simple Android app, and galvanized the crowd attending the Amsterdam conference.
According to Computer World, Teso used codes from real-world aircrafts to start the hijacking sequence but used virtual planes in a lab to simulate his actual hijacking capabilities.
In preparation for his presentation, and to help those unfamiliar with aviation systems, Teso explains on his website: “One of the problems I faced while preparing my talk for HITB 2013 Amsterdam, was that background knowledge on aviation and aircraft systems was necesary in order to understand what I am going to explain. On most security conferences, the talks target well known systems and networks so all the necessary knowledge is already known by the attendees but in this case it is not the situation. As I have a time limit, and I can’t give all the details on the aviation systems, protocols and terminology employed, I would like to explain in advance some of those elements, so the attendees can better understand the talk and its contents.”
Teso explains that his post does not mean to be extensive, but just to give some basic background and offer some resources for further learning to whom may be interested in going deeper.
Hugo Teso works as a security consultant at n.runs AG in Germany. He has been working on IT security for the last 11 years, mainly in Spain. Also being a commercial pilot, it was just a matter of time before he focused his attention on aviation security. Together with the development of some open source projects, like Inguma and Bokken, he has spent a lot of time on aviation security research and has presented some of the results in conferences like RootedCon.
Teso’s Presentation may be viewed here: Teso Conference PDF
All Presentations from the conference may be viewed here: All Hack in the Box Presentations