XIAM007

Making Unique Observations in a Very Cluttered World

Friday, 12 April 2013

Hacker uses an Android to remotely attack and hijack an airplane -


Hacker uses an Android to remotely attack and hijack an airplane - 


The Hack in the Box (#HITB2013AMS) security conference in Amsterdam has a very interesting lineup of talks [pdf]. One that jumped out was the Aircraft Hacking: Practical Aero Series presented by Hugo Teso, a security consultant at n.runs in Germany. According to the abstract, “This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field. The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases. The complete attack will be accomplished remotely, without needing physical access to the target aircraft at any time, and a testing laboratory will be used to attack virtual airplanes systems.

While keeping an eye on Twitter #HITB2013AMS, greatly interesting tweets started to appear as hackers who attended were excited. I will add some of those throughout this article.

Before his presentation, Teso recommended that people should have a little background knowledge on aviation and aircraft systems to better understand what he was going to explain. Here’s a few important facts: Automated Dependent Surveillance-Broadcast (ADS-B) has no security as was pointed out at Def Con 20 shortly before a hacker was able to inject ghost planes into radar. It is unencrypted and unauthenticated. Teso said, “Attacks range from passive attacks (eavesdropping) to active attacks (message jamming, replaying, injection.” The Aircraft Communications Addressing and Reporting System (ACARS) also has no security; it “is used for exchanging text messages between aircraft and ground stations via radio (VHF) or satellite.” Although his talk did not focus on the vulnerabilities in those two protocols, he used them to find targets.

Anyone with the right tools and a little know-how can read and send these ACARS messages. Teso purchased hardware from eBay that provided “actual flight code software” for “training” such as Flight Management System made by Rockwell. He also needed a radio transmitter and explained about software radio systems before the talk. He audited real aircraft code, searching for vulnerabilities to exploit, but used a lab with virtual airplanes as opposed to hijacking an actual jet in flight. Hijacking a real plane during a flight was “too dangerous and unethical.”

Help Net Security was present at the demo and explained:

By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes "dance to his tune."

According to Teso’s presentation slides [pdf], the ACARS datalink allowed for “real-time data transmission” and all communications between planes and airports are sent unencrypted. Teso used ACARS to exploit and break into the airplane’s onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.

Once he was into the airplane’s computer, he was able to manipulate the steering of a Boeing jet while the aircraft was in “autopilot” mode. The only countermeasure available to pilots, if they even realized they were being hacked, would be to turn off autopilot. Yet many planes no longer have old analog instruments for manual flying. Teso said he could take control of most all airplane systems; he could even cause the plane to crash by setting it on a collision course with another plane. He could also give the passengers a serious adrenaline rush by making the oxygen masks drop down.

Teso used his Samsung Galaxy and a specially crafted app called PlaneSploit to demonstrate how to hack an airplane’s computer. (Thank you for tweeting the image @isa56k!) Crime Site also showed a quick clip of the hack. And no, PlaneSploit is not going to be available to the masses to hijack planes with their Android devices.

Read more - 

No comments:

Post a Comment