Nowadays, there are apps for just about everything. Mobile devices have become critical tools in the personal and professional lives of many of us. However, the security protocols that go along with smartphones and tablets are often left on the back burner, which can lead to disaster – like the ability to hijack an airplane with an Android.
The Hack in the Box security conference in Amsterdam is always filled with interesting talks and demonstrations of what is capable with the latest technology in the hands of creative people. This year, the most talked about event was held by German security consultant Hugo Teso, who was able to take complete control of an aircraft remotely.
Teso noted that some knowledge of aviation and aircraft systems was needed but he was able to find flight management software on eBay to learn everything else. Then, he audited real aircraft code, searching for vulnerabilities to exploit, and used a lab with virtual airplanes as opposed to hijacking an actual jet in flight.
Help Net Security, who was present at the demonstration, explained in further detail what Teso was doing.
"By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit plus control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes 'dance to his tune,'" said an official?
The demonstration got into much more detail and technical jargon, but the frightening takeaway was that with some know-how and the right tools, an airplane can be hacked with an Android and a mobile application. This should help any business realize why IT security needs to be a top priority. Only with the right resources in place, like an experienced VAR or MSP, can a company be sure they are able to protect themselves from cyber attacks.