FAA and EASA say hijacking planes using an app is not possible
Posted on 15 April 2013.
The big news last week was that, according to researcher Hugo Teso, it is possible for malicious individuals to take control of an airplane using a special framework and an Android app.

Teso - a security researcher and a trained commercial pilot - has demonstrated the results of his experiment to the crowd attending the Hack In The Box Conference in Amsterdam, and has shared that both the European Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) were informed of his research and have been working on fixing issues it unearthed.

But according to the latest statements released by both the organizations and by Honeywell and Rockwell Collins, companies that provide avionics, information technology systems and aerospace systems to aircraft manufacturers and whose simulation equipment Teso used in his research, the attack he described is not feasible.

The Federal Aviation Administration has stated that it "is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

The EASA pointed out that certifiable embedded software sports "robustness that is not present on ground-based simulation software,” and Rockwell Collins commented for Forbes that "today’s certified avionics systems are designed and built with high levels of redundancy and security, and that Teso's researcher "involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."

Airline pilot Patrick Smith who writes the popular "Ask the Pilot" blog has written his own comment on why the type of attack presented by Teso is not possible.









Spotlight

Successful strategies to avoid frequent password changes

Posted on 19 August 2014.  |  After a widespread, nonspecific data breach, the conventional wisdom is that people should change all their passwords. But, there’s a better way.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Aug 20th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //