December 23, 2024 08:07 AM

Hacker Presents Software That Could Control Planes

Airlines, watch out: here comes SIMON.

German security analyst Hugo Teso presented his Android app called PlaneSploit, at the Hack in the Box conference in Amsterdam Wednesday. The new ap runs on the software SIMON Teso developed for three years.

PlaneSploit uses code to hack into airline security software by using radio signals.

Teso employed a flight simulator to demonstrate just how he changed the speed and direction of the plane.

This system can also modify what shows up on a pilot's display screen, or even shut off the lights in the cockpit. He also said that the app transforms any Android phone into a remote control, sending waves of commands like, "Go Here" and "Visit Ground" to any planes.

"You can use this system to modify approximately everything related to the navigation of the plane," Teso told Forbes in an interview following the presentation. "That includes a lot of nasty things."

Teso's app does not work on most flight hardware, and it therefore poses no actual threat, he said, since SIMON was developed only to work under virtual circumstances.

"The described technique cannot engage or control the aircraft's autopilot system using the (Flight Management System) or prevent a pilot from overriding the autopilot," the Federal Aviation Administration told CNN. "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

The potential in PlaneSploit is very real, and could lead to further hacking software that might eventually control an aircraft's flight path.

Sophos Security Analyst Graham Cluly said Teso kept some crucial details at bay, so as not to let important information fall into the wrong hands.

"No one else has had an opportunity to test this researcher's claims as he has, thankfully, kept secret details of the vulnerabilities he was able to exploit," Cluley told CNN. "We are also told that he has informed the relevant bodies, so steps can be taken to patch any security holes before someone with more malicious intent has an opportunity to exploit them."

Join the Discussion
Real Time Analytics