How to hijack an airplane with an Android smartphone

Air safety experts, are you still worried about terrorists or the use of high-power laser pens to shake the eyes of pilots while the plane is taking off and landing? Terrorists, are you still trying to bring the "family" onto the plane? Now, the technology is truly "revolutionary". The hijacking can use an Android mobile phone to remotely control a flight at home, just like manipulation. This is not what terrorists say after drinking.

Android mobile phone applications: millions, but there is a dangerous application that you may not think of, that is, hijacking an airplane.

Yesterday at the Hack in the Box conference in Amsterdam, Hugo Teso, German information security consultant, presented a PPT download demonstration. Please log on and download it) how to hijack a plane through an ordinary Android smartphone application, this demonstration immediately attracted the attention of the audience.

Teso has over 11 years of experience in the information security field, but he has 12 years of experience as a professionally trained commercial pilot. Therefore, Teso is one of the few candidates who can comprehensively use technologies in the fields of technology and aviation for cross-border attacks.

Teso developed a hijacking framework SIMON) and an Android Application PlaneSploit) to send attack information to the aircraft's flight management system unit and control display unit. Teso demonstrated to the audience the terrible consequence of this attack method: full control and taking over a plane.

One of the two aviation information systems of Teso attacks is the Broadcast-based Automatic correlation Monitoring System (Automatic Dependent Surveillance-Broadcast, ADS-B) through an onboard transmitter, the system sends the aircraft status information identity, current location, and elevation to the aviation administrator ). ADS-B can also accept air traffic conditions, weather and other information of nearby aircraft.

Another system of Teso attacks is the aircraft communication addressing and reporting system (ACARS). The function of this system is to exchange information between aircraft and aviation administrators through radio or satellite, at the same time, the flight status information can be automatically updated.

Like the communication networks of specialized computers such as ECUs in charge of automobile engines, the standards and technologies of the above two aviation industries are completely insecure and cannot resist potential active or passive attacks. Teso first detected and locked the flight to hijack with ADS-B, and then used ACARS to collect airborne computer information and by sending malicious information to attack its vulnerability, finally controlled and manipulated the entire aircraft!

For security considerations, the SIMON framework developed by Teso was designed to run only in virtual environments rather than on real airplanes. However, in Teso's test lab, all software and hardware connections and communication methods are exactly the same as in actual scenarios. Editor's note: In fact, a large number of software and hardware such as ACARS and FMS used by Teso are sold at a low price on eBay, as shown in the figure below)

Once deployed to a flight management system (MS) computer, SIMON is hard to detect and therefore does not have to hide himself like Rootkit. With SIMON, attackers can upload specific loads to remote flight management systems, including flight plans, specific commands, and even customized plug-ins.

To make hijacking look more intuitive and "interesting", Teso also developed an Android app called PlaneSploit to remotely control planes through SIMON. Editor's note: of course, this application cannot be launched on Google Play, so we will not provide a hyperlink)

The Teso Android hijacking application PlaneSploit can perform the following operations in a virtual environment ):

• Fly a plane to a specified location
• Trigger events at specific heights and locations
• Crash the plane
• Removing an airplane from the flight management system
• Flashing lights in the cockpit, like a disco dance.

What is even more feasible is that the Android app of Teso can also use the accelerator sensor in the mobile phone to operate the plane with gestures.

Of course, the premise of all the above functions is that the aircraft must be in autonomous mode. If the pilot finds that the situation is wrong, he can switch to manual mode to get rid of the control of the mobile phone and avoid disasters.

Rao is so, we must also acknowledge that with the rapid development of digitalization and the Internet of Things, more and more dedicated infrastructure and transportation systems are becoming the target of hacker attacks, the results are much more terrible than attacks in the virtual world.