A German security researcher says he has developed an app that could hack planes
Hugo Teso is a security consultant and a licensed commercial pilot
His software, SIMON, is designed to work only on simulations
He's contacted makers of air-traffic systems and authorities in U.S. and Europe
Could this be the deadliest smartphone app ever?
A German security consultant, who’s also a commercial pilot, has demonstrated tools he says could be used to hijack an airplane remotely, using just an Android phone.
Speaking at the Hack in the Box security summit in Amsterdam, Netherlands, Hugo Teso said Wednesday that he spent three years developing SIMON, a framework of malicious code that could be used to attack and exploit airline security software, and an Android app to run it that he calls PlaneSploit.
Using a flight simulator, Teso showed off the ability to change the speed, altitude and direction of a virtual airplane by sending radio signals to its flight-management system. Current security systems don’t have strong enough authentication methods to make sure the commands are coming from a legitimate source, he said.
“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Forbes after his presentation. “That includes a lot of nasty things.”
He told the crowd that the tools also could be used to do things like change what’s on a pilot’s display screen or turn off the lights in the cockpit. With the Android app he created, he said, he could remotely control a plane by simply tapping preloaded commands like “Please Go Here” and the ominous “Visit Ground.”
The Federal Aviation Administration said it is aware of Teso’s claims, but said the hacking technique does not pose a threat on real flights because it does not work on certified flight hardware.
“The described technique cannot engage or control the aircraft’s autopilot system using the (Flight Management System) o