It was only a few years ago in Tomorrow Never Dies that the idea of James Bond driving his car via remote control through his cell phone was far-fetched enough to be a stretch of technology. Today’s version of that story switches from cars to planes and, according to one man, is very real. Hugo Teso, a security researcher and private pilot, has claimed the ability to override the controls on a commercial aircraft using a mobile phone. And he’s got a demonstration available showing the hack.
The reported exploit takes advantage of a communications protocol known at Aircraft Communications Addressing and Reporting System (ACARS). This communication stream is, according to Teso, unencrypted and the aircraft system does not validate the input. Teso suggests that the lack of security on the ACARS interface could allow a third party to send commands to the plane’s systems and change its course, speed, or cockpit display data.
While Teso’s presentation suggests the potential for significant problems, not everyone is convinced the security hole exists as he’s described. An FAA spokesman has denied the exploit’s potential, noting among other things that the tests were conducted using training hardware rather than systems certified for use in commercial aircraft. From the statement, "The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot."
Recommended Fodor’s Video
This sort of concern is not a new one in the industry. As far back as 2008 Boeing was considering implementing a single wiring infrastructure shared by both customer-facing and flight control systems. That plan was shelved after a bit of publicity and a response from the FAA. Of course, in that scenario there were no planes yet in the sky with that system installed.
We’re probably not in a situation where planes are going to be hacked by passengers in the back. Still, the concept is an interesting one and some discussion on the topic probably isn’t a bad thing, if only to understand what the real risks are (and are not).
Photo credit: Airplane cockpit via Shutterstock