A computer hacker has exposed how an app can literately take over a plane’s controls and redirect it — at the touch of a smartphone screen.
While our high-tech digital world can be a lifesaver for anyone desperate for a Starbucks coffee or if you’re running out of gas in a foreign city, the frightening scenario presented by Hugo Teso, a security researcher for a German information technology firm, strikes fear into the heart of even the most dedicated computer geek.
The expert revealed the weakness at a security conference in Amsterdam on Wednesday, where he explained how hijacking a protocol used to send data to commercial aircraft — and exploiting bugs in flight management software — he could send radio signals to planes that would cause them to execute commands such as changes in direction, altitude and speed.
“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Forbes.
“That includes a lot of nasty things.”
The main security hole that Teso uncovered was in the Aircraft Communications Addressing and Report System (ACARS), a system that handles everything from weather data to changes in a plane’s flight management software.
“ACARS has no security at all,” he claimed.
“The airplane has no means to know if the messages it receives are valid or not,” he explained. “So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it’s game over.”
Honeywell insisted the vulnerabilities found by the researcher aren’t as perilous as he made out; the company said the software exploited by Teso was its PC version, according to the New York Post — not the full version found on planes.
“The version (Teso) used of our flight management system is a publicly available PC simulation and that doesn’t have the same protections against overwriting or corrupting as our certified flight software,” said a spokesman for Honeywell.