FAA and EASA say hijacking planes using an app is not possible
Posted on 15 April 2013.
The big news last week was that, according to researcher Hugo Teso, it is possible for malicious individuals to take control of an airplane using a special framework and an Android app.

Teso - a security researcher and a trained commercial pilot - has demonstrated the results of his experiment to the crowd attending the Hack In The Box Conference in Amsterdam, and has shared that both the European Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) were informed of his research and have been working on fixing issues it unearthed.

But according to the latest statements released by both the organizations and by Honeywell and Rockwell Collins, companies that provide avionics, information technology systems and aerospace systems to aircraft manufacturers and whose simulation equipment Teso used in his research, the attack he described is not feasible.

The Federal Aviation Administration has stated that it "is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

The EASA pointed out that certifiable embedded software sports "robustness that is not present on ground-based simulation software,” and Rockwell Collins commented for Forbes that "today’s certified avionics systems are designed and built with high levels of redundancy and security, and that Teso's researcher "involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."

Airline pilot Patrick Smith who writes the popular "Ask the Pilot" blog has written his own comment on why the type of attack presented by Teso is not possible.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th