THIS ARTICLE WAS ORIGINALLY POSTED ON YAHOO NEWS AND WRITTEN BY CORY M. CLARK ON APRIL 14, 2014.
I have decided to re-publish this article due to recent events and the investigation into a hacker that sent a command to an aircraft. After being told this was not possible by numerous engineers and aviation professionals it has.
Worried about a bomb on a plane or the wing falling off? You should be more worried about the person sitting next you to with their cellphone. Imagine being able to turn aircraft systems off or being able tell the plane false GPS signals without ever getting out of their seat. Terrorism is entering the 21st century and the steps to prevent this new wave of terrorism is not being taken, but a group of security experts and researchers are working to change that.
Yong-Gun Chon the Vice President of SecureInfo, in a presentation to engineers at an ASCE meeting stated that cellphones, that are now allowed to be used during flight, pose a risk to aircraft because they can hack the systems. Hugo Teso, a commercial pilot and security consultant, created an application that can run on any android app that will allow him to hack into the aircraft and control it without ever leaving his seat. Teso claims that he could cause the aircraft to change direction sending it on a crash course with another aircraft or dropping oxygen masks. This is all made possible by technology in almost every commercial aircraft.
New technology that the Federal Aviation Administration is developing is completely insecure and, in fact, transmits information to aircraft that is unencrypted and is never verified. This is the ADS-B an Automatic Dependent Surveillance-Broadcast system which is a radar substitute and uses information such as position, velocity, and identification. This one system, since it is insecure, allows hackers to access aircraft information and is able to access other programs. Allowing the hacker to virtually control the aircraft. Hackers and terrorists also have the ability to jam the system, eavesdrop and impersonate an aircraft.
However, the Federal Aviation Administration had this to say, “The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware.” Security researchers are at odds with this statement because in 2011 a United States Drone was lost in Iran, and is suspected to have been downed by hackers spoofing the global positioning system. Brian E. Finch, a contributor to the Huffington post, stated in an article “anything and everything can be hacked”.
Not only aircraft can be hacked as, Anthony Hariton, an 18-year old security researcher in college, will be showing how he is able to hack into passbook, an iPhone application, to create boarding passes for any flight. The student will be presenting the hack at a conference in Amsterdam for security researchers and hackers. Aircraft and boarding tickets aren’t the only things being hacked, important documents containing secure information can also be found across the internet. Airport master plans and emergency plans are accessible to anybody with an internet browser. Airport master plans give details regarding passenger operations, procedures for aircraft, and environmental concerns however, it also contains sensitive security information. Airport Emergency Plans, AEP’s, contain response protocols for all types of incidents occurring at the airport from bombs to heart attacks. If these documents fall into the wrong hands, they will have everything they need to carry out an attack.
As technology advances and hackers are able to find exploits aircraft are more susceptible to being taken over by a cellphone then by guns and bombs. Our airports need to keep important documents secure and encrypted in order to prevent attacks that exploit the airports weaknesses. Aviation is growing and technology is too, but security must remain a top focus.