These days everything is at risk of being hacked, even the airplane you take next time you fly.
On Wednesday at the “Hack in the Box” security conference in Amsterdam, a security expert demonstrated how hackers can take control of an airplane by using a mobile device and a few other basic tools.
According to a report from Computerworld, Hugo Teso—a security consultant at the German security firm n.runs—showed how anyone with some basic knowledge and the right devices can take complete control over an aircraft from a remote location without ever having contact with the targeted plane.
Basically, critical security vulnerabilities in aircraft communication and tracking systems make hacking planes quite simple.
The Automated Dependent Surveillance-Broadcast (ADS-B)—the surveillance technology aircraft use for tracking—and the Aircraft Communications Addressing and Reporting System (ACARS), which is the technology used to exchange messages between aircraft and ground stations via radio or satellite, have no encryption, meaning they are open for exploitation.
Teso demonstrated that by using hardware, such as a flight management system that has actual flight code software, and a radio transmitter, he could search through real aircraft code to look for vulnerabilities.
Using a flight management system he purchased off eBay, Teso said he was able to tap into ACARS, the aircraft’s messaging system, to hijack the computer system that controls the autopilot so that he could upload new data that would set the plane on a new course.
Using the exploitable code Teso discovered by examining the navigation software, Teso made the process even simpler by creating his own code and an Android app called PlaneSploit. In a test lab demonstration, he showed how, by using the app on his Samsung Galaxy smartphone, he could redirect virtual planes and, hypothetically, real planes.
According to the Computerworld report, Teso said he could take control of almost any aircraft system and even set the plane on a collision course with another plane.
—By CNBC’s Cadie Thompson