The Federal Aviation Administration is strongly denying a claim made at a hacker conference in Amsterdam that airplane navigation systems can be hacked in-flight using a mobile phone application and some cheap software.
Hugo Teso, a security consultant for the German information technology firm n.runs, recently told attendees at the Hack in the Box security conference that he had found a vulnerability in airplane flight computers that could be exploited using only an Android smartphone app, a radio transmitter and flight management software he purchased on eBay. Teso did not use actual flight computers, but claimed to be able to effectively emulate their software in his demonstrations of the supposed exploit.
The vulnerability, Teso said, would allow a hijacker to remotely redirect an aircraft’s flight path, and even send planes crashing to the ground.
But when asked by The Daily Caller about the presentation, the FAA, which regulates aircraft safety standards in the U.S., said Teso’s findings were inaccurate.
“The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer,” said Les Dorr, FAA spokesman, in a statement to TheDC.
“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware,” he said.
“The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot,” said Dorr.
“Therefore, a hacker cannot obtain ‘full control of an aircraft,’ as the technology consultant has claimed,” said Dorr.