Paul Marks, senior technology correspondent
(Image: Nasowas/Getty)
A commercial pilot with a knack for hacking has built a smartphone app he claims can hijack the air-to-ground messaging system used in aircraft cockpits. But the European Aviation Safety Agency (EASA) and US Federal Aviation Administration have been quick to dismiss the work, saying that he only hacked into a PC-based training simulator rather than the "protected" technology on real flight decks.
At issue is a talk by engineer and pilot Hugo Teso of N.runs, a German security systems company, at the Hack In The Box conference in Amsterdam, the Netherlands, this week. Teso outlined how his app, PlaneSploit, running on an Android smartphone, could inject messages into a flight deck's Aircraft Communications Addressing and Reporting System. ACARS allows simple text messages to be exchanged between air traffic control and pilots over VHF radio, and is also used to send aircraft and engine diagnostic data to airlines.
But malformed ACARS messages, Teso claims, could be designed to trigger vulnerabilities in certain Fight Management System (FMS) computers, potentially allowing a hijacker some control over an aircraft's movements in the sky. ACARS uses no authentication to verify messages are genuine. But an EASA spokesman denies that any "potential vulnerabilities on actual flying systems" have been shown. "The simulation does not have the same overwriting protection and redundancies included in certified flight software," he says.
The truth is a tad muddy. Teso says he bought widely used second-hand Honeywell and Rockwell Collins FMS systems on eBay and claims his tests are all valid, and that a minimum of adaptation could make his exploits run in a real plane. Teso adds that he is now "working with EASA to improve the situation" - but why would he be if EASA denies there is a problem?
Even if Teso could only insert fake messages in the cockpit, Teso's tech could cause issues, distracting pilots with, say, alarming weather or air traffic reports. He is using a technology called software defined radio, which allows a radio of any frequency or format to be written in software. This allows him to mimic the ACARS VHF signal. The fake signal could then be broadcast from a phone in a passenger seat or near an air traffic control tower.
Security engineers have been warning for years that some emerging technologies could render aircraft vulnerable to hacking. In September 2011 the US Air Force's Institute of Technology at Wright-Patterson Air Force Base in Ohio took issue with the FAA's decision to replace radar with an unencrypted, GPS-based aircraft location technology called ADS-B. The institute found that spoof GPS signals from attackers could make ghost aircraft appear on cockpit displays, forcing crews to take evasive action and risk collisions with real planes. And they say a simple GPS jammer near a control tower could render air traffic control blind to aircraft movements in the sky and on the ground.
the national enquirer marie colvin cm punk cm punk lint buenos aires train crash argentina train crash
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন