back to article FAA: 'No, you CAN'T hijack a plane with an Android app'

Aviation officials have taken a skeptical view of claims that it's possible to hijack a commercial aircraft using a smartphone, with both the US Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA) issuing statements to the effect that it simply couldn't happen. On Wednesday, Spanish …

COMMENTS

This topic is closed for new posts.
  1. HCV
    WTF?

    Traveling this week on Southwest, they actually made a point that phones now had to be *off* during takeoff and landing -- most emphatically not just in airplane mode.

    This was new to me. Is this new bit of security theater in reaction to this hacker's claim, or is there some other reason they've turned up the silly? Are other airlines doing this as well?

    1. GBL Initialiser

      Been that way on SAS for at least 4 and a half years.

    2. Simon Harris Silver badge

      Pretty sure that's standard practice here (to and from the UK). They want all devices switched off during take-off and landing, but you can use phones in flight-mode and other devices for the bit between. It's been that way as long as I can remember.

    3. Rick Damiani

      Phones off

      @HCV

      I fly Southwest 2 or 3 times a month and have been for around 10 years now. They have been asking for phones to be off (not airplane or game mode) pretty much that entire time. Don't know about other airlines.

    4. Anonymous Coward
      Anonymous Coward

      Hijack...

      You can if you have one of those extra large Samsung phones which you can tie to a toothpick and use as a battle axe.

    5. Anonymous Coward
      Anonymous Coward

      Actually

      Actually, the new Dreamliners have 17 interface ports, 4 of them located in various positions in the passenger cabin area and one is in fact a USB port.

      The interface ports do take information from the central processing computer and the back up computers that cover any redundancies in the system but these are 'separate' from each other and the flight controls.

      The worrying aspect is that the separation is software based and not hardware based. The reason for this is that there is a specific need to ensure there are no software anomalies or conflicts when the flight system as a whole operates. Adjustments can be made to the software though this.

      And yes there is a laptop with a computer program that can be plugged into any of the 17 interfaces and check the system. The computer program is bespoke, so windows, android or iOS cannot talk to it....

      However if an android phone contained the software.... But it can't.... Yet.

      1. James Finnie

        Re: Actually

        There is nothing OS specific about USB, that is the whole point (U for Universal). Appropriate code under any OS could talk to this if it is electrically a standard USB port.

        There will no doubt be some top secret security-by-obscurity protection waiting to be breached.

        1. kissingthecarpet
          Trollface

          Re: Actually

          "Appropriate code" - that's rather broad isn't it? Do you write software patents in your spare time?

          Give me the "appropriate code" & I'll pwn the world!

      2. Wize

        Re: Actually

        "And yes there is a laptop with a computer program that can be plugged into any of the 17 interfaces and check the system. The computer program is bespoke, so windows, android or iOS cannot talk to it...."

        On this sentence alone, I declare it "Bullshit"

    6. Katie Saucey
      Windows

      Yeah

      I was on a BearSkin Airlines from ThunderBay to Timmons ON CA last week, 5 min into taxing they asked us to shut down everything electronic. I would have felt more comfortable if they would have asked we had extra duct tape in our pockets (seriously this was basically a crop duster).

      1. Anonymous Coward
        Anonymous Coward

        Re: Yeah

        A former colleague travelled a lot in West Africa, often on DC3's. In one case the pilot, an old white-haired African gentleman indeed did his "walk-around" with a roll of duct tape, covering up bullet holes along the way!

        The colleague explained that: "Nah - no worries, they know what they are doing".

        He would rather fly an ancient war-plane with an elderly pilot, who wears the plane like his own tweed-jacket, than any modern plane with two African youngsters straight out of flight-college in the cockpit.

        1. ScottAS2
          Thumb Up

          Re: Yeah

          As the standard response to someone worried about flying in an old aircraft goes: "How do you think it got to be so old?"

    7. Richard Neill

      This is particuarly stupid, given that, in flight mode, my phone will stay in flight mode till I unlock the screen with a code.. But in poweroff mode, I just have to bump the power button. So airplane+locked is safer.

      1. Annihilator

        "But in poweroff mode, I just have to bump the power button. So airplane+locked is safer."

        I've never met a phone that doesn't require at least a second of holding the power button to turn on, so I don't buy that.

        As for the airline chat at the beginning, they've just gotten wise to flight-mode and updated their chat. It was always "turn all electronic devices off", now they clarify "and we don't just mean flight safe mode".

        They also tell you to put it in flight safe mode and then turn it off if you're planning to turn it on again later. None of this is particularly new though - even cassette walkmans had to be turned off on takeoff/landing.

      2. James Finnie

        most airlines I've flown with tell you to put it in flight mode and then turn it off.

    8. Anonymous Coward
      Anonymous Coward

      Nothing new IME

      IME all of the U.S. and also Lufthansa internattion flights that I have been on require the devices to be shut off completely for 15-20 minutes at take off and also landing. I think this is intelligent safety precautions and certainly very reasonable. If people have a problem with such a minor request then they should take the bus or a freighter.

    9. Anonymous Coward
      Anonymous Coward

      Standard practice

      That is standard practice. Phones must be OFF during take-off and landing. They can be ON during cruise, but must be in airplane mode, unless the aircraft is equipped with an onboard basestation. I was on a flight last week, which had an onboard basestation, but required international roaming to be enabled to work, and was hideously expensive to use it. It was however free to receive SMS messages through it.

    10. Chris 3

      Basically they want you paying attention during take off and landing

      Not playing angry birds while safety announcements are being made or during the most dangerous parts of the flight

    11. MrXavia
      FAIL

      It's always been that way on flights I've taken.

      but the reason is not interference so much, but passenger awareness.

      If you are listening to something, or playing with a phone during take-off/landing, then you are not aware enough in an emergency, and while that might cost your life, it may also cost the lives of another passenger in an emergency!

    12. JohnG Silver badge

      Mobile Phones must be switched off

      From the CAA website:

      "Portable Electronic Devices (including mobile phones)

      The use of portable electronic devices for sending and receiving data and voice calls is not permitted on board aircraft after they have closed their doors.

      It may be possible to use a portable electronic device that has a transmitting facility in-flight, provided the transmitting facility is de-activated. This is often referred to as ‘flight safe mode’ or ‘airplane mode’.

      Some airlines allow customers to use portable electronic devices for transmitting data and calls if the aircraft is fitted with a system that supports this, but there may charge for this facility."

      On flights that I have taken with Lufthansa for at least the last five years, they always announce that the law requires mobile phones to be switched off when the aircraft leaves the gate and not be switched on again until inside the terminal building at the destination.

    13. Anonymous Coward
      Anonymous Coward

      Bollocks

      I always put my phone in flight mode but ne'er switch it off as that part is theatrical bollocks. I've flown over 40 times in the last six months and the plane doesn't seem to be affected. The other thing that tells me this is all theatre was an article I read somewhere (possibly even on the Reg) that had a statistic about the typical number of passengers that completely forget to do it. Phones in handbags, too busy reading etc.

      1. Esskay

        Setec Astronomy

        The number of theories for why phones have to be turned off demonstrates the quoted pilot's view that "Commercial aviation is a breeding ground of bad information"... And in many cases the airlines have only themselves to blame.

      2. Anonymous Coward
        Anonymous Coward

        Re: Bollocks

        "I always put my phone in flight mode but ne'er switch it off as that part is theatrical bollocks."

        Finally someone talking sense. My phone is always in silent mode and just stays that way in a pocket. What the flight crew don't know won't hurt them, and won't hurt anyone else either. If planes don't crash because people forget to switch off, they won't crash because I can't be bothered to switch off, either.

        1. Anonymous Coward
          Anonymous Coward

          Re: Bollocks

          No member of the flight crew (that's the pilots, specifically, not the cabin crew) cares if your phone is on but in flight mode. They don't switch theirs off for every take-off and landing, but they do go into flight-safe mode.

          However, the reason you're asked to put it into flight mode is because there is a small but not insignificant chance that it can interfere with some ground based navigation aids - specifically, the ILS (Instrument Landing System). This is - obviously - required for landing but in low visibility conditions provides lateral guidance during the take-off roll. I suspect the "turn it off completely" advice is more belts and braces than anything else.

          According to Airbus in an Operational Engineering Bulletin, there is "no chance" of a phone interfering with the plane's flight control system. The probability of it affecting the ILS localiser is about 1/1,000,000. Hence the request that it's switched off. While unlikely to happen with 1 or 2 phones transmitting, with 800 of them broadcasting the chances of interference are much greater.

      3. Anonymous Coward
        Anonymous Coward

        Re: Bollocks

        "I always put my phone in flight mode but ne'er switch it off as that part is theatrical bollocks. I've flown over 40 times in the last six months and the plane doesn't seem to be affected."

        And it probably normally isn't. However, what if your phone has a fault which results it transmitting something that intereferes regardless of airplane mode and it does cause an issue? Are you a qualified electronics and aerospace engineer?

        Yet you're quite happy to potentially risk hundreds of people lives because your too fucking lazy to follow the current air travel regulations and to just your precious phone off for 20 minutes?

        Hope it blows up in you pocket and blows your nuts off. Nothing important would seem to be affected.

  2. Darkwolf

    This sounds like a job for...

    the Mythbusters or at least the BOFH and his friendly sidekick the PFY.

    1. Curtis

      Re: This sounds like a job for...

      http://bofh.ntk.net/BOFH/1998/bastard98-24.php

  3. Crazy Operations Guy
    Flame

    I was thinking this was bogus

    I was wondering how he could even connect to the FMS and the other flight computers in the first place. These systems are fully air-gapped and there are no wireless links and no way to access these things without being in the cockpit or other engineering compartments which will be noticed immediately if any one accesses these.

    As for the Nav systems with the wireless links to the ground and satellites, it would be impossible for a phone to even rival the power output of these, and that's even if the Cabin wasn't shielded against EM and RF in the first place.

    1. Anonymous Coward
      Anonymous Coward

      Re: I was thinking this was bogus

      "These systems are fully air-gapped and there are no wireless links and no way to access these things without being in the cockpit or other engineering compartments ...."

      Don't you mean that you *hope* they are airgapped.

      In fact it seems quite likely that important systems are not truly airgapped at all. Hopefully they don't have a wifi or bluetooth interface, but the air-ground radio systems provide radio access, and he claims it is unencrypted.

      These are likely directly connected to flight information display systems and/or navigation, and they are probably connected to other systems.

      So this probably breaks the air gap, and reduces it to " well you can't push data in one hole and make it come out another one the designer didn't intend". History hasn't been too kind about that one.

      Now the in-flight entertainment system displays the current position, and airspeed. Unless they have put a separate GPS antenna + pitot tube on just for this, it probably has a data connection to the navigation system.

      -----

      So (about 2008) I got on a plane in BKK, and plugged my phone into the USB socket on the inflight tv thing (the type that lets you play your own photos and mp3s), as soon as I got seated (ie about an hour before we took off). When they started up the in-flight entertainment, well bugger me if it doesn't start to boot linux - I have a linux boot on the phones USB mass storage for an industrial tool, and the in-flight entertainment is booting off it, and happily scrolling the boot log. So next time I flew with them I brought a little mini usb keyboard and hub, and could merrily run linux console on the screen.

      Actually it didn't work out so well, because that time I was on a 15hour flight, and it wouldn't actually reboot back into the entertainment system.

      The linux console is more boring than even the worst movie (ok 50% of movies)

      So hopefullly this guy hasn't found out how to do it.

      But impossible?

      1. Anonymous Coward
        Anonymous Coward

        Re: I was thinking this was bogus

        The seat back entertainment system on Virgin Atlantic runs under linux, or it certainly did. One computer serves several seats.

        1. Anonymous Coward
          Anonymous Coward

          Re: I was thinking this was bogus

          Singapore Airlines seat back system is Linux too. The one on the A380 anyway at least. When they told us there was an engine problem, and proceeded to turn the plane off and on again... Running a play book even I could have come up with I got a glimpse of the bootloader.

      2. Richard 12 Silver badge
        Happy

        Re: I was thinking this was bogus

        The moving-map feed for the 'on-demand' entertainment is probably simply a separate GPS receiver.

        - I'm reasonably sure it's separate because the height values have been wrong for my last few flights where it's been running on the ground.

        Even if it does get the data direct from the flight instruments, the sane way to do this would be a unidirectional RS232 link - only one direction physically wired - streaming the current position and speed data into the moving map.

        1. IR

          Re: I was thinking this was bogus

          Aircraft GPS typically output in ARINC 429 words. A429 is unidirectional. Very little room for anything weird at all, at worst you'd invalidate the signal and the aircraft would ignore it, and that's assuming that your device is hooked up to the same transmitter as an aircraft system.

  4. Anonymous Coward
    Anonymous Coward

    "Therefore, a hacker cannot obtain 'full control of an aircraft' as the technology consultant has claimed."

    Do hackers include rootkits in ALL unwantedware that makes a computer operate in a way that it wasn't designed to?

    "The statement went on to explain that although Teso may have been able to exploit aviation software running on a simulator, as he described in his presentation, the same approach wouldn't work on software running on certified flight hardware."

  5. Malcolm Weir Silver badge
    Terminator

    These responses, while likely reasonable from a purely practical standpoint, serve primarily to obscure the significance of the allegations.

    Sure, in good weather and low stress conditions, pilots will notice bogus information... but what if the weather and stress levels are bad? Again, it's likely that the risk is low, but...

    ... why the heck AREN'T the digital radio messages signed?

    Basically, they're saying that, while the door is never locked, it's hard to find and someone would notice if you walked in. All true, but why not turn the key, too?

    1. Anonymous Dutch Coward
      Facepalm

      "We pilots always check what the automatic systems are doing"

      .... well, I seem to remember a Air France crash in the Atlantic where the pilots had no idea what the plane was doing when taking back control from the autopilot.

      Also, I'd trust the FAA as far as I could throw them with their "regulated airspace". What does it mean that the airspace has rules if somebody does not play by the rules?

  6. skeptical i
    Devil

    And we're sure this isn't advance work for another Bruce Willis flick?

    "Fuck Off and Die Hard" or something?

  7. frank ly Silver badge

    We must listen to experts

    " ....using only a desktop computer." the agency wrote, making something of a muddle of the facts."

    If they can't be bothered to get simple reporting right, what makes anyone think they got the rest of it right?

    The history of electronic/computer security is a history of people saying, "As a recognised authority in this field, I/we can tell you that this can not happen and the system is secure."

  8. Anonymous Coward
    Anonymous Coward

    Reassuring

    But I hope the FAA and other AAs aren't just going to rest on a quick expert response. At the very least it has been shown that there is altogether too much information available on the inner working of flight systems. It would be wise to quietly demand a detailed analysis from all providers of such systems as to why this exploit cannot work.

    1. Anonymous Coward
      Anonymous Coward

      Re: Reassuring

      We checked with the expert we are paying over the odds for, they said "no, I'd never make a mistake", thus we trust them. ;)

  9. JaitcH
    WTF?

    Why would you ever believe a government, specially the US Government, say?

    Although I concede assuming the control of, or even seriously disrupting an aircraft, with an Android OS handset is likely very remote ANY claims made by government should be taken with a fistful of salt.

    I remember when the late Yasser Arafat and his Merry Men were recycling aircraft in the Middle Eastern deserts, the Foreign Office tossed high-powered SSB communications systems in to primarily the BA predecessors aircraft without much testing. So if a 200-300 watt HF SSB set passed muster, why would a 0.3 watt Android cause concern?

    Likewise, BOAC aircraft did long range testing of other government systems. Decca Navigator had equipment aboard many BOAC flights to Moscow to test coverage for potential RAF bombing use (some of the lane ID signals were lost although the 4 main frequencies were fine).

    The recent DEA claim that it couldn't 'hack' iThingy messaging systems was most likely a ham fisted attempt to persuade their potential clients to use an open door which they happily monitor, trolling for new business.

    Social drug dealers should continue to cross-post messages on travel web sites, as they do now, avoiding any that are hosted in the USA such as Trip Advisor or LP. The avoidance of any cell handset communication in and around Thailand is recommended for them, too.

  10. Dodgy Geezer Silver badge
    Stop

    Only aviation?

    ..."and the extent to which different myths, fallacies, wives' tales and conspiracy theories have become embedded in the prevailing wisdom is startling."..

    Why should aviation be any different? Almost ALL aspects of human endeavour are full of myths and stories. Read Snopes.

    Sometimes I wonder how scientists ever manage to advance or engineers manage to design things. Making up stories seems to be so bound up in the human psyche. The current philosophy of 'PostModernism' actually cements this idiocy by claiming that 'what you think is happening' has as much validity as 'what is actually happening'.

    Very much like Climate Science...

  11. hammarbtyp Silver badge
    FAIL

    The 4 stages of security response

    First they ignore you

    They they say there is no risk

    Then they say there is a risk, but it is not exploitable

    Then you are hacked.

    The most worrying statement was "For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software."

    Yes, for safety, but as anyone who has developed secure embedded systems will tell you a different mindset is needed compared for safety assured systems since with safety the faults are not actively trying to locate and exploit weaknesses(although it does feel like they do sometimes).

    Probably there is no risk, but that is no excuse for trying to sweep these things under the carpet

    1. Syntax Error
      FAIL

      Re: The 4 stages of security response

      completely agree with you. Embedded systems never consider security they consider functionality. In this case it does not matter that pilots can overide tampering of aircraft controls its the fact that they can be altered that will distract pilots and thus cause accidents. For a more detailed explanation of this problem and respomse from pilots see http://arstechnica.com/security/2013/04/hacking-commercial-aircraft-with-an-android-app-some-conditions-apply/

  12. Adam 1 Silver badge

    assuming this is true...

    How does the exploit access the flight control system?

    A pretty big obstacle would be to send it data at all without being somewhere where passengers tend to not be permitted to go.

    1. Anonymous Dutch Coward

      Re: assuming this is true...

      AFAIR using a radio transmitter using the same mechanism the airline itself uses to transmit operational data to the aircraft (could be EICARS, can't be bothered to look it up)

  13. Anonymous Coward
    Anonymous Coward

    Damn, another lost opportunity ..

    .. to ban Android phones.

    Next week: how iOS ruins GPS navigation - are they an iRisk?

    Following week: Windows phones: threat in the clouds? How viruses board aircraft.

    Get your adverts placed now - do not miss out on the furore as the FAA may decide to ban phones from planes altogether. (won't happen, but a bit of conjecture adds to the page impressions). Etc.

    Sorry, I'll fly regardless. If it happens, it happens. It won't take long, and there will be less chance to survive it as a near vegetable as with a car accident. I'd be more worried about stuff like batteries on the new planes, and intelligent people must have noticed that those planes landed safely too despite the problems, proving that the system works and things get found out. Personally, I would welcome an end to the security theater because it's costing a fortune that can be more productively spent elsewhere, like healthcare.

    1. 404 Silver badge

      Right... about... THERE!

      " I'd be more worried about stuff like batteries on the new planes"

      Pretty sure they have been making batteries for many, many, years now. Settled science you might say..... yet batteries are catching on fire on the new Boeings and they are not sure why.

      Extrapolation: They say "Our software is Bulletproof", yet heavily defended gov orgs like, oh say, the Pentagon gets 'hacked' on a daily basis. With who they consider the best experts in the field, yet it_still_happens.

      Kinda sets the stage for a massive, deadly, <facepalm> at some point in the future.

      1. Anonymous Coward
        Anonymous Coward

        Re: Right... about... THERE!

        Um...you do know they were lithium batteries which have known issues, not NiMH or NiCd batteries which are extremely safe and reliable?

        1. M Gale

          Re: Right... about... THERE!

          "not NiMH or NiCd batteries which are extremely safe and reliable?"

          Sarcasm, I hope?

          If not, try getting any suitably beefy rechargeable battery and sticking a coat hanger across the terminals. See how long it takes for the hanger to melt or the battery to bust a seal.

          As for reliability.. with NiCad? The battery technology you have to flatten in order to charge up again properly?

          Lithiums might need to be treated gently, but so long as you do, they're heaps better than any NiCad and have tremendous capacity to weight benefits over NiMH.

          1. Anonymous Coward
            Anonymous Coward

            Re: Right... about... THERE!

            Reliability is not the same thing as tolerance of operation outside the defined envelope. Of course I can damage a large cell by shorting it. That's why we have circuit breakers and fuses. Your comparison of shorting a NiCD with "Lithiums might need to be treated gently" is what is known in the philosophy trade as a "straw man argument".

            You appear to miss an important point. Modern battery chargers can deal with the vagaries of batteries. The 4-stage chargers used for marine lead acid batteries do clever things like periodically stopping charging to measure the relaxation voltage, periodically applying an anti-sulphation overvoltage, and deciding when to switch from current to voltage control. They are not fitted on cars which is one reason why car batteries have such short life. Similar charging regimes exists for NiMH and NiCD, which is why NiMH traction batteries last so long. On the Dreamliner something went wrong that was supposed to have been designed out of the system.

      2. Yag
        Trollface

        "yet batteries are catching on fire on the new Boeings"

        No, no... this was only a thermal runaway leading to cell venting, which is a protective feature of the battery... Airplane systems functioned as intended!

        (Reference to http://787updates.newairplane.com/Boeing787Updates/media/Boeing787Updates/Certification/Webcast/Boeing-787-solution-presentation-English.pdf - As usual, the PR dept. gets far better funding than the engineering dept.)

  14. Sonny Jim
    Stop

    Every article I've seen about this neglects to mention the most important thing

    You need a computer (Laptop/Phone/Whatever) and a TRANSMITTER in the form of an Software Defined Radio. You can then spoof the various signals the plane receives, such as ACARS, TCAS, GPS etc.

    An SDR is fairly bulky and probably wouldn't make it through secuirty, so I question the validity of this guys claims.

    1. Robin Bradshaw
      Alert

      Re: Every article I've seen about this neglects to mention the most important thing

      "An SDR is fairly bulky and probably wouldn't make it through secuirty, so I question the validity of this guys claims."

      http://www.ettus.com/ <expensive yes, bulky no

      If by fairly bulky you mean about the size of a book then yes its bulky, and since the ettus stuff comes in a nice shiny white professional looking box i have little doubt it would pass security, yeah if you tried to take a bare pcb with loose wires and tape holding it together id expect some raised eyebrows (but you just put it in a nice pelican case with a professional looking sticker saying "industrial prototype property of aperture labs" and it will probably still pass)

      1. Sonny Jim

        Re: Every article I've seen about this neglects to mention the most important thing

        Fair comment, although I have to admit I've taken a variety of PCB's and power supplies in my carry on baggage and I've only ever had them comment on it once (about my Tokyoflash "Pimpin ain't easy" watch).

        Still, the headline "Phone + expensive transmitter can be used to hack planes" doesn't have the same ring to it ;-)

        1. Anonymous Coward
          Anonymous Coward

          Re: Every article I've seen about this neglects to mention the most important thing

          The only time I remember anyone getting stopped was when a colleague took 5000 sample tantalum capacitors to Germany at the time of the Red Brigades. They look just like detonators. He spent five hours in a room with a man with a submachine gun before a hastily summoned expert pronounced them harmless (and gave him a lacture about having proper paperwork in future).

        2. Intractable Potsherd Silver badge

          Re: Every article ... @ Sonny Jim

          "Still, the headline "Phone + expensive transmitter can be used to hack planes" doesn't have the same ring to it ..." But how does the headline "Phone + trivially-inexpensive-to-bad-guys transmitter can be used to hack planes" sound? "Expensive" is a function of many things, not just financial cost.

    2. Frankee Llonnygog

      Re: Every article I've seen about this neglects to mention the most important thing

      The guy claimed he could hack the software, not that he could evade airport security. As I said in a comment on the previous story, you could set this up on a laptop in a piece of checked-in baggage, and program it to play back your exploits at the appropriate time. That way, you don't have to be on the plane.

    3. Malcolm Weir Silver badge

      Re: Every article I've seen about this neglects to mention the most important thing

      Why wouldn't a SDR make it through security? The thing isn't a weapon, explosive or liquid, so on what grounds would someone deny you from carrying it on board?

      I've carried X-ray opaque metal boxes on board aircraft many times; depending on where you are, security may choose to swab the device for residue, but in some airports, they don't even do that.

      For example, true dialog with TSA after a Pelican case containing one of my opaque metal box goes through X-ray:

      TSA: "What's in the case?"

      Me: "Airborne Data Recorder."

      TSA: "OK, have a good flight".

      Really. They waved it through. Of course, that was at SEA-TAC, and people carrying random bits of aircraft stuff is probably more common than at, say, Santa Rosa, California.

    4. GavinC

      Re: Every article I've seen about this neglects to mention the most important thing

      ... and every post I have read about this fails to realise this is a GROUND based attack! You do not need to evade airport security, and you do not need to be on the aircraft. You use a radio transmitter to transmit a message up to the aircraft flying within range of your transmitter.

  15. Anonymous Coward
    Anonymous Coward

    c't cartoon

    I remember a cartoon in c't once which showed a passenger looking at a laptop on the screen of which was

    Bluetooth searching

    A320 identified

    Pair with A320?

    Well, I thought it was funny.

    1. Anonymous Coward
      Anonymous Coward

      Re: c't cartoon

      This isn't the original, but it's the one to which you refer:

      http://www.trigger.is/fun/bluetooth_airbus.jpg

      I thought I remembered it as Boot, Retry or Ignore.....

      But it is prompting to run autoconfig.

  16. Sig101

    Hijacking with an android app

    How absurd to think that one can Hijack an airplane with an android app. You obviously need an IPhone for that.

    1. This post has been deleted by its author

  17. Boris S.

    Really?

    How many times have we heard that other digital events could not happen yet they eventually do happen? While hackers may not be taking control of a plane tomorrow, that doesn't mean they won't eventually figure out how to use portable devices to do so. I say for the most part that the industry and authorities are naive and way over-confident in their ability to maintain system security.

  18. Anonymous Coward
    Anonymous Coward

    they should make it illegal for this evil terrowist man to buy

    important plane parts and schematics and just use them for satanic purposes NO! we shold not allow this and we should put him in gitmo with the other trouble makers

  19. Anonymous Coward
    Anonymous Coward

    Why not

    Have the dude try it on a real plane ....

    While the overly paranoid will reject the results (yes, the earth is flat, man never made it to the moon and 9/11 was the work of the CIA) the rest of us almost normal can move on

    Till then I add this to my list of things to worry about, it falls right after getting hit by a meteoroid while picking up my massive winning from the big lottery.

  20. Anonymous Coward
    Anonymous Coward

    Off topic

    Anyone else keep misreading the "hacker's" name as Tesco ?

    1. Gollum_HKT
      Happy

      Re: Off topic

      And there I was thinking it was just me.

  21. Anonymous Coward
    Anonymous Coward

    The appropriate response...

    ...is to ban operation of all electronics during flight with the excesption of the shielded PC hardware installed in the aircraft. Those who have a problem with this should ride a bike to their destination.

    1. Steven Roper
      Flame

      The appropriate response...

      to nannies like you is to lock you securely in a little rubber room where you can be safe and sound from all the nasty tewwible evil things that can go wrong in life and in the world.

  22. Will Godfrey Silver badge
    Meh

    Oh well

    I don't take my phone on the plane anyway. When I'm on holiday the rest of the world doesn't exist (family know how to contact me).

    P.S. Holiday is the only time I fly.

  23. Phil Endecott Silver badge

    Pilot skill

    I would take the claims that the crew are always in control a bit more seriously if I hadn't read the details of the Air France Brazil Atlantic crash here on the reg. The pilots were presented by confusing data by the flight systems and the autopilot disengaged, and they did exactly the wrong things in response. If this sort of attack could "only" cause the crew to see wrong data, I would still be very worried indeed.

  24. Anonymous Coward
    Anonymous Coward

    Really?

    I suppose you can't hi-jack a plane with a pocket knife, box cutter, credit card or hair comb? There are some really naive people in authority.

  25. This post has been deleted by its author

  26. C-N

    Implying that the FAA would know. lol

    Obligatory Dilbert: http://search.dilbert.com/search?w=Flight++laptop&view=list&filter=type%3Acomic

  27. Don Jefe
    Happy

    Risk Management

    I commented the other day that this sort of thing had been discussed in the past & how it was considered low risk. That was before some researcher, gagging at the chance for his five minutes, started blabbing. After reading more about what he did I'm inclined to agree with the FAA: He successfully hacked a bodged together simulation in a completely out of environment situation. His experiment compared apples to doughnuts & succeeded only in scaring people without cause.

    Sometimes (read: lots) things are not talked about because the real risk is infinitesimally small but Joe Public really sucks at risk assessment, always looking for a chance to highlight someone else's 'failures'. Many times not bringing attention to something is the best strategy, not because of security (which hasn't changed in this case, it still isn't possible) but because of the secondary impacts of foolish people. Now passengers will be scared of anyone operating a device in flight because they might be 'hacking the plane'. God help you if you are brown & have a Galaxy Note...

  28. Wzrd1

    So, a simulator that uses the same firmware components as the real aircraft can be hijacked, but the real aircraft using the same firmware, but then uses hydraulics cannot?

    OK.

    Not a lie designed to deflect any attempts at all. It's real.

    IGNORANCE IS STRENGTH

    FREEDOM IS SLAVERY

    WAR IS PEACE

    Or some other Orwellian BS.

    Rather than asking the company who made the components if the issue was real. Remember Microsoft's initial and extended response to the ping of death? Switch their FTP servers to Sun...

  29. Harry Barracuda

    They would say that wouldn't they?

    "Whatever data finds its way into the FMS, and regardless of where it's coming from, it still needs to make sense to the crew. If it doesn't, we're not going to allow the plane, or ourselves, to follow it.".

    Is that supposed to reassure us?

    http://en.wikipedia.org/wiki/Air_France_Flight_447

  30. Panicnow
    Facepalm

    Missed points

    1) A hi-jacker will ignore the instruction to turn off!!!!!!

    Corallary, give the flight attendants a sniffer to identify powered on devices ( UNPOPULAR!!!)

    2) The report said the remote positioning stuff isn't encrypted, so the spoofing hack could

    be done on land too. - If the Iranians can steal a UAV,,,,

    Stay at home and save the planet ( And yourself)

  31. Ian 49
    Stop

    FMS routing changes

    Has anyone here actually considered that when changes in flightplan/cruise level, etc. are sent to an aircraft's systems, they do not "just happen" and require the crew to accept them before they take effect?

    The crew are flying along towards Miami and suddenly the FMS brings up altered flightplan information redirecting them to Havana. They look at the displays, scratch their heads briefly (the aircraft at this point is still following the original flight plan), talk to Centre/Center, then say "stuff that" in an American accent and press "cancel", causing the aircraft to keep following the original accepted flight plan to Miami.

    Yes, if you hacked enough systems, you could probably bypass that, but it would take a lot more than just injecting new information via the ground-to-air link through ACARS which is what I understand this "hack" does from the information provided.

    1. Marcelo Rodrigues
      Black Helicopters

      Re: FMS routing changes

      True. Now, think about this:

      1) The autopilot will do the landing. I don't know how common it is, but it's not rare.

      2) Send the wrong altitude, off by 2 or 3 meters.

      3) Enjoy.

      Or I got this wrong, and the system in question is not linked to the autopilot?

  32. Sirius Lee

    Not quite what Teso said

    The big bold print, copying some words from a blog, doesn't really respond to the assertions Teso made. As I recall, Teso claimed he was able to input information into the FMS but made no claims to be flying the plane. Whether that information makes sense to the pilot(s) depends on context. Clearly information that reports they are at ground level when the pilots are clearly able to see they are flying is going to appear to be nonsense. However if the information Teso claims can be input is more subtle might the pilots be unable to determine that it is wrong?

  33. Anonymous Coward
    Anonymous Coward

    not the same environment

    "He successfully hacked a bodged together simulation in a completely out of environment situation. His experiment compared apples to doughnuts & succeeded only in scaring people without cause."

    what worries me is that the simulation software is not exactly the same as the software on a flight! There could be issues/bugs/timing issues with the software running on the hardened/protected hardware that do not show up on the simulator in certain situations.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019