Hugo Teso said on Wednesday while speaking at the Hack conference in the Box Security Summit in Amsterdam, that over the past three years he has developed a code named SIMON and accompanying Android-based app called PlaneSpoilt that can be used to hijack planes. Teso is a commercial pilot and a German security consultant.
At the summit, Teso used a flight simulator to demonstrate how PlaneSpoilt works. The app is able to change the direction, altitude and speed of a virtual plane by sending radio signals to its flight management system.
According to Teso, current security systems are not equipped with strong enough authentication methods to determine if the source is legitimate. After his presentation, Teso told Forbes:
You can use this system to modify approximately everything related to the navigation of the plane. That includes a lot of nasty things.
Teso also mentioned that the device could be used to change what is displayed on the pilot’s screen or turn the cockpit lights off. He says with the Android app he can remotely control the plane by tapping “reload commands.”
Teso said SIMON was designed purely for the virtual world, and according to analyst Graham Cluley of Sophos Security, the exact potential of this app still needs to be tested.
No one else has had an opportunity to test this researcher’s claims as he has, thankfully, kept secret details of the vulnerabilities he was able to exploit. We are also told that he has informed the relevant bodies, so steps can be taken to patch any security holes before someone with more malicious intent has an opportunity to exploit them. From the sound of things, this researcher has got himself a lot of media attention, but still believes in responsible disclosure, rather than potentially putting aircraft and passengers at risk
Teso has reportedly contacted the companies that his system has exploited, as well as contacting aviation authorities in both the United States and the United Kingdom.
[Source: CNN News]
Hey Guys - thought I’d just give a quick reach-around and say a big thank you to our rea...
[imagesource:CapeRacing] For a unique breakfast experience combining the thrill of hors...
[imagesource:howler] If you're still stumped about what to do to ring in the new year -...
[imagesource:maxandeli/facebook] It's not just in corporate that staff parties get a li...
[imagesource:here] Imagine being born with the weight of your parents’ version of per...