This one couldn’t be more terrifying: at a security conference in Amsterdam, hacker and researcher Hugo Teso demonstrated how to hijack a plane’s controls from the ground using his Android smartphone. The details are almost a moot point, but just in case you’re interested, Teso exploited a protocol called the Aircraft Communications Addressing and Report System (ACARS), which controls planes’ flight management systems and has very little in the way of security.
“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Forbes. “That includes a lot of nasty things.” Things like direction, altitude, and speed. You see where this is going.
“ACARS has no security at all. The airplane has no means to know if the messages it receives are valid or not,” he added added. “So they accept them and you can use them to upload data to the airplane that triggers these vulnerabilities. And then it’s game over.”
Honeywell, the manufacturer of the flight management system that Teso hacked, believes the situation isn’t as grim as it looks. “We take this seriously and we’re going to work with N.Runs (Teso’s employer to assess this,” a representative said. “But as Teso readily admits, the version he used of our flight management system is a publicly available PC simulation, and that doesn’t have the same protections against overwriting or corrupting as our certified flight software.”