Hacking Airplanes with SIMON and PlaneSploit

Title Image from Hugo Teso's HiTB Presentation
For those who thought hacking car systems or medical devices was bad, what if airplane systems were exploitable? Could you access a plane's secured communication system and monitor it or, even worse, take over the plane?

At this year’s Amsterdam Hack in The Box Security Conference, security researcher Hugo Teso demonstrated how this could be done…

From an Android Smartphone…

Teso is not only a security researcher, but also a commercial airline pilot. He created a test lab using airplane communication hardware that he was able to buy online. He then analyzed the system and created his own exploit code called SIMON and a custom smartphone app called PlaneSploit.

According to Forbes, Teso told the crowd that he could send radio signals to planes that would cause them to execute arbitrary commands such as changes in direction, altitude, speed, and the pilots’ displays.

And in a phone interview with Forbes’ Andy Greenberg, Teso said, “You can use this system to modify approximately everything related to the navigation of the plane, that includes a lot of nasty things.”

He was able to acquire all the hardware needed online through sites like eBay. According to his slide presentation, some of the parts were, amazingly, as cheap as $9.99.


He also found that many of the communication signals were not encrypted or used very light security. He was able to do everything from passively eavesdropping on the signals to using active attacks like jamming, replay and complete signal injection.

Teso is working with airline authorities to help rectify the situation. And no, he is not releasing the exploit code, so you won’t see a PlaneSploit module in BackTrack any time soon!

For more information, check out his presentation slide show on the HiTB website.


