“Plane hacker” shows what’s app with modern aircraft security

It used to be the preserve of acne-ridden teens in darkened bedrooms who hadn’t yet discovered the female of the species – hacking, that it is – but cyber snooping has really hit the big time. Now, barely a day goes by without a newsflash about some shadowy entity gaining unauthorised access to a corporate or government system – the mighty Pentagon proving no exception.

Just two months ago, US security company Mandiant identified a dedicated group in China (China, are they sure?) which has systematically siphoned information from at least 141 worldwide organisations across key industries including engineering services, satellites and telecoms – and aerospace.

The latest scare story to chill the souls of those whose computer skills end abruptly at MS Word emerged last week at the Hack in the Box conference in Amsterdam. Internet security consultant and theoretical plane hacker Hugo Teso caused a stir by unveiling an app called “PlaneSploit”, which is designed to access a flight management system, enabling the user to take control of an aircraft mid-air.

Using a screen grab from his smartphone, Teso demonstrated functions on the app for everything from altering the air conditioning to changing the course of the flight, plus a “Visit ground” option – the polite way to crash an aircraft. Although Teso admitted he had only tested the app on a simulator he built himself with spare parts from the Internet, he explained that on an actual aircraft the tactic could work across 3G or a wireless connection.

Teso may have wowed his conference audience, but less impressed were the industry experts who pointed out various barriers to the success of such a scheme – not least the independence of the multiple computer systems onboard an aircraft and the ability of the pilot to assume manual control. The FAA and EASA also moved quickly to dismiss the possibility that Teso’s method or something like it could work for real.

But this, of course, is exactly what they had to say. As manufacturers forge ahead with the development of more electric aircraft and airlines roll out in-flight passenger services such as Wi-Fi, any admission of vulnerability in this brave new era of aviation would be rather off-message.

However, the question should be asked: as cockpits become increasingly physically secure and aircraft computer systems more complex, are we not closing one door while opening another? Any system has a weakness and the digital world is more fluid and full of flaws (or doors) than the real one.

The naysayers may be scorning Teso and his app right now, but perhaps the industry should remember the consensus on the Wright brothers and their own madcap scheme – people said it was impossible.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.