FAA and EASA say hijacking planes using an app is not possible
Posted on 15 April 2013.
The big news last week was that, according to researcher Hugo Teso, it is possible for malicious individuals to take control of an airplane using a special framework and an Android app.

Teso - a security researcher and a trained commercial pilot - has demonstrated the results of his experiment to the crowd attending the Hack In The Box Conference in Amsterdam, and has shared that both the European Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) were informed of his research and have been working on fixing issues it unearthed.

But according to the latest statements released by both the organizations and by Honeywell and Rockwell Collins, companies that provide avionics, information technology systems and aerospace systems to aircraft manufacturers and whose simulation equipment Teso used in his research, the attack he described is not feasible.

The Federal Aviation Administration has stated that it "is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot. Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

The EASA pointed out that certifiable embedded software sports "robustness that is not present on ground-based simulation software,” and Rockwell Collins commented for Forbes that "today’s certified avionics systems are designed and built with high levels of redundancy and security, and that Teso's researcher "involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace."

Airline pilot Patrick Smith who writes the popular "Ask the Pilot" blog has written his own comment on why the type of attack presented by Teso is not possible.









Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //