Want to hijack a plane? There’s an app for that

Question of the Day

Should Congress make English the official language of the U.S.?

View results

Hijackers could remotely take over the computer-controlled flight guidance and navigational systems of a modern jumbo jet armed only with a smartphone and some special computer code, a “white hat” hacker told a security conference this week.

Hugo Teso, a security researcher at German IT consultancy N.Runs and a commercial airline pilot, unveiled his special software at the “In the Box” security conference in Amsterdam Wednesday, and posted his presentation online.

The presentation outlines his methodology but does not include technical details that would allow others to replicate his work. He said he was working with the FAA and the EASA to try and patch the holes.

Mr. Teso told Forbes magazine he spent three years reverse-engineering hardware and software for the Aircraft Communications Addressing and Report System, or ACARS. The technology is built into every commercial plane, allowing onboard computers to receive updates on weather data and flight schedules — and changes to the plane’s flight management system or FMS, better known as the autopilot.

“ACARS has no security at all,” Mr. Teso said. “The airplane has no means to know if the messages it receives are valid or not, so they accept them and you can use them to upload data to the airplane” that can be used to take over the aircraft’s systems.

“And then it’s game over,” he said.

© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

About the Author
Shaun Waterman

Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...

Latest Stories

Latest Blog Entries

blog comments powered by Disqus
TWT Video Picks