Last week headlines regarding an Android App’s ability to hack an airliners’ in-flight systems computer once again invoked fear among travelers, however the reality is those fears exist in a virtual world scenario, not a real world scenario.
Hugo Teso, an IT security consultant with Germany’s n.runs AG, presented what appears to be some terrifying findings on the 10th of April at the Hack In The Box conference in Amsterdam. Mr. Teso detailed that he discovered and bypassed two vulnerable security flaws in the systems that deal with the communication between an aircraft and air traffic controllers. Using an Android mobile phone application Mr. Teso was able to hack the sin-flight computer system of a virtual airliner. The system Mr. Teso hacked is in fact a real in-flight computer systems that perfectly replicates the systems used by pilots and are used for flight training simulation by airlines around the world.
The information that Mr. Teso however did not address in his doomsday Hack In The Box presentation of mobile phones hacking in-flight systems and crashing aircraft are this … the systems he hacked, while ‘real’ for flight simulator training are not the actual systems installed on aircraft. Simulator software mimics the real world allowing pilots to train under many scenarios and constantly stay up to date, but these systems do not come with multiple security redundancies, nor are they connected to ‘the system’ in the same way the software would be in service on a real flying aircraft. In short, the software Mr. Teso hacked is not certified to work with fight hardware systems by any aviation authority in the world.
A factor Mr. Teso also failed to address, as he used his Android phone application to wreak havoc on the flight software, is this … the ability for a pilot to switch to manual, override the system, and fly the aircraft without using the flight computer inputs. Should an aircraft’s flight system put the aircraft in a dive towards the center of the city a pilot at the controls would be able to stop all of that, bring the aircraft level and continue flying safely and normally doing what they were trained to do as a pilot.
Finding vulnerabilities in aircraft flight systems is important, but there are many factors in place to seek out command errors, both on board the aircraft and in the air traffic control towers that would prevent a mobile phone, or outside system, from hacking into an in-flight computer and bringing down the plane.
You may hit some rough air and spill your drink as you fly from place to place, but that will be the work of Mother Nature, not the work of a hacker taking over your flight.
No sit back, relax, take out your phone (in Airplane Mode) if your flight has wifi, and enjoy your trip.