PlainSploit: Control the Plane

If the danger of using electronic devices on flights is not enough, what would you say about bringing down an aircraft using a simple Android?

The horror scenario, where any terrorist with Android could kill hundreds of people, not because of Android, God forbid, but because of a serious loopholes in the commercial flights security protocol and flight management software is now real.

These systems send text messages between aircraft and ground control towers, by using very high radio waves or satellite communications. The systems do not have any identification properties that can prevent wrong order transmissions. Using a dedicated application called PlaneSploit developed for Android by Hugo Teso it has been proved how easy it is to navigate a virtual plane in a lab environment.

First, the application can get all possible information about the plane – Identification, location, elevation and more.

Second, because as I mentioned above, the pilots in the cockpit have no ability to verify the authenticity of messages which they get from the “control tower”, the application could send messages that can cause them to perform dangerous acts – from landing down in the middle of nowhere, through a change in flight path direction and transferring control software, which can also lead to the overthrow of the plane.

Of course there is a significant difference between a proof of concept that something is possible in a laboratory environment and creating damage in the real world. The flight simulation software available to the public does not have the unique security features that actually exist in the official software, however it does point to possible security problems that also found in the official.

At the end of the day, the ultimate horror scenario could occur through careless pilots, and only when the autopilot is on, because at any given moment can ignore the pilot program and transfer the system to manual control. In this case, a hacker will be able to plant a commotion on the plane, for example, by causing the lights to flicker, or get the oxygen masks out of position.