HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
An Android Phone Can Hijack An Airplane?
- Thread starter HardOCP News
- Start date
![Zarathustra[H]](https://cdn.hardforum.com/data/avatars/m/9/9298.jpg?1707758471){kind=avatar}
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,819
I just remembered this gem from back when bluetooth was first coming out 
Az Syndicate
Limp Gawd
- Joined
- Feb 15, 2002
- Messages
- 393
So want to unknow this as I get ready to take off....
ninjaturtle
2[H]4U
- Joined
- Dec 25, 2004
- Messages
- 2,327
Given that virtual planes have virtual pilots, I'm not surprised that he could make the virtual planes "dance to his tune".
To say that you could hijack an airplane is pure hyperbole. You may be able to send spoof messages to change headings and altitudes, but real pilots have radios and maintain voice comms with ATC. If the messages start to stray too far from the norm, I'm sure any competent pilot will start to question ATC.
To say that you could hijack an airplane is pure hyperbole. You may be able to send spoof messages to change headings and altitudes, but real pilots have radios and maintain voice comms with ATC. If the messages start to stray too far from the norm, I'm sure any competent pilot will start to question ATC.
Phoenix333
2[H]4U
- Joined
- Nov 27, 2009
- Messages
- 3,510
Hmm... article won't load, so I can't comment on that. Still, I'd think someone trying to hijack a plane with a phone would have difficulties since this is known about now. All it would take is this announcement over the intercom: "Attention passengers. Would you kindly beat the !@#$ out of the guy with the Android phone and hand the phone to the nearest flight attendant? He's trying to remotely crash the plane."
Zarathustra[H]
Extremely [H]
- Joined
- Oct 29, 2000
- Messages
- 38,819
he's doing it in a virtualized environment to prove out that it can be done on a real plane, without having to release the tools to do so on a real plane and giving lunatics out there easy access to do so.
That's pretty responsible IMHO.
I'm also pretty sure he doesn't want to try it for himself in the air for fear of crashing the plane, or winding up in serious trouble for having done so.
When planes and peoples lives are at stake is not necessarily the time to play Grey Hat.
Now that the industry is on board with fixing the issue, I'm sure he'll have some more testing opportunities with real hardware, even if it's just on the ground.
ta_erog
Limp Gawd
- Joined
- Dec 5, 2008
- Messages
- 192
Do not really understand the big hoopla ahould be more of a ya, duh . .
The OMGz "Android phone" part is rather lame as any computer can be used and the controller to the rest of the hardware. A modern phone or tablet is just handy because of size.
Also If anyone has the radio hardware to intersect and intercede with the telemetry it would not take long to be able to control it. people did not do it because it is a bad thing to do. Nowadays that is a good reason TO do it.
Just another system that was assumed secure just because it was obscure.
The OMGz "Android phone" part is rather lame as any computer can be used and the controller to the rest of the hardware. A modern phone or tablet is just handy because of size.
Also If anyone has the radio hardware to intersect and intercede with the telemetry it would not take long to be able to control it. people did not do it because it is a bad thing to do. Nowadays that is a good reason TO do it.
Just another system that was assumed secure just because it was obscure.
lol fail. Aside from the fact that planes employ a myriad of different computer systems, each often many generations different from the plane next to it (basically no two planes are alike) and the accompanying intimate detailed knowledge required of each to make a targeted attack, EVEN IF you managed to upload false flight data for navigational purposes and such, the planes are still under human control and intuition (hence the reason we still have pilots). I believe only the newest Airbus is actually fly by wire, (new boeing wouldnt surprise me). The rest still use hydraulic systems, of which there is nothing to take over control. The best you could do would be to invoke the auto pilot system and relay new headings, but that would instantly be overridden by pilot input. Plus the fact that the pilot has already memorized his route and to suddenly look down at his digital flight plan and see he's no longer going to Maine but instead to Florida would probably raise some alarms. Airline pilots still maintain heavy communication with ground control for pretty much everything they do, so it's not like they're suddenly going to deviate course because "dang I cant remember what altitude I'm supposed to be at". They'll radio in for confirmation before they do anything regardless of what the computer says, just to make sure flight towers in the area are aware of whats going on.
So this whole article is really just a big what-if-fantasy, totally untested in a real environment, with very little chance of success, and no chance of actually causing a problem.
So this whole article is really just a big what-if-fantasy, totally untested in a real environment, with very little chance of success, and no chance of actually causing a problem.
xX_Jack_Carver_Xx
2[H]4U
- Joined
- Jun 6, 2005
- Messages
- 2,542
I think the OMG moment is realizing that AQ could use this exploit to lie to the auto-pilot about what the plane's actual altitude is..... just enough to run it into a mountain, etc.
Unreal that this kind of vulnerability is even remotely possible.
Assuming you'd have the plane rely on beamed-in information about itself, at least 256bit AES encryption should be the minimum, and the encryption keys would need to be secrets on the level of fusion weapons designs.
Unreal that this kind of vulnerability is even remotely possible.
Assuming you'd have the plane rely on beamed-in information about itself, at least 256bit AES encryption should be the minimum, and the encryption keys would need to be secrets on the level of fusion weapons designs.
Ur_Mom
Fully [H]
- Joined
- May 15, 2006
- Messages
- 20,688
Yea, the article is whack. But, a proof of concept is enough to get the programmers of those systems to get to work to fix those "what-if"'s.
Wouldn't it suck to have those vulnerabilities pointed out to you, but since the initial code was not able to do it, you ignore it. Then, 6 months down the road something happens because the code and testing matured and finally was successful.
kbrickley
Supreme [H]ardness
- Joined
- May 13, 2012
- Messages
- 7,514
We'll just need to change the security level slightly ...
Thank you for flying Air Android
Thank you for flying Air Android
True, now that wireless transmission devices can be easily programmed in the palm of your hand, it's time for airplane wireless technology to be secured. This was just never a consideration in design 20 years ago.
You're making a lot of assumptions about what pilots do behind the closed door. Pilots are not perfect and there have been tons of cases where a plane has crashed because the pilot didn't understand what was going on with the system or the crew mistook, misread, or ignored instrumentation. The lokomotiv hockey team died because one of the pilots was stepping on the brake, preventing the plane from reaching adequate speed. Other (numerous) jets have crashed because the pilots didn't trust their altitude instrumentation, or couldn't figure out what was going on despite their airspeed being too low.
PhotoBobBarker
Weaksauce
- Joined
- Oct 20, 2011
- Messages
- 122
As noted before... The problem isn't with his method... it's with his method.
Unless he was able to physically interface with the transmitter's antenna... this would never work.
The amount of power that would be required to penetrate the skin of the AC and then reach a ground station would be so high as to make it not feasible. And trying to use the skin of the AC as the antenna... would take a lot more work than just sticking a wire or coupler to the exposed skin near the window. And then still have an issue with power (both generating the power and coupling that amount of power to the skin).
If he is just wanting to screw with the on-board computers... That could work... kinda.
Yes... on a FEW rare occasions, pilots do dumb stuff... But not very often. Commercial pilots have MANY flight hours under there belt. They also know how to act in emergencies.
And the hierarchy of information quality goes like this...
Pilot (his/her senses)
ATC
aircraft instruments
ATC (yes, them again)
If something is going screwy, they will know... If the plane is changing altitude in any meaningful way the ATC WILL contact the pilot to ask WTH is going on (Pilots don't get to just fly whatever path/altitude they want.. without prior approval)...
If the pilots see something going on (like the altimeter displays them a few thousand feet from where they should be... They contact the ATC... If the ATC confirms.. They correct... If the ATC's radar doesn't agree... They write it up in the AC trouble log (for ground crew to troubleshoot and fix).
The other problem is that even the so-called "glass cockpit" aircraft will have ANALOGUE (as in direct off of air pressure/humidity) altimeter and magnetic compass... And good luck to the hacker that wants to screw with that (I might advise a parachute if he wants to attempt this)
So... Yeah... he can screw with the on-board computer... But it's not going to accomplish much... unless it's with an absolutely green crew.
Anthony "Bob" Barker
Air Force Crew Chief (2003-2011)
Unless he was able to physically interface with the transmitter's antenna... this would never work.
The amount of power that would be required to penetrate the skin of the AC and then reach a ground station would be so high as to make it not feasible. And trying to use the skin of the AC as the antenna... would take a lot more work than just sticking a wire or coupler to the exposed skin near the window. And then still have an issue with power (both generating the power and coupling that amount of power to the skin).
If he is just wanting to screw with the on-board computers... That could work... kinda.
Yes... on a FEW rare occasions, pilots do dumb stuff... But not very often. Commercial pilots have MANY flight hours under there belt. They also know how to act in emergencies.
And the hierarchy of information quality goes like this...
Pilot (his/her senses)
ATC
aircraft instruments
ATC (yes, them again)
If something is going screwy, they will know... If the plane is changing altitude in any meaningful way the ATC WILL contact the pilot to ask WTH is going on (Pilots don't get to just fly whatever path/altitude they want.. without prior approval)...
If the pilots see something going on (like the altimeter displays them a few thousand feet from where they should be... They contact the ATC... If the ATC confirms.. They correct... If the ATC's radar doesn't agree... They write it up in the AC trouble log (for ground crew to troubleshoot and fix).
The other problem is that even the so-called "glass cockpit" aircraft will have ANALOGUE (as in direct off of air pressure/humidity) altimeter and magnetic compass... And good luck to the hacker that wants to screw with that (I might advise a parachute if he wants to attempt this)
So... Yeah... he can screw with the on-board computer... But it's not going to accomplish much... unless it's with an absolutely green crew.
Anthony "Bob" Barker
Air Force Crew Chief (2003-2011)
Aircraft don't rely on external sources for information such as current altitude and speed. For altitude they have radar altimeters (<5000') and barometric altimeters, both of which can feed the autopilot. There is no lying to the aircraft about what altitude it is at, merely lying to the autopilot what altitude it should maintain.
As far as I can tell, the only thing this can do is provide erroneous waypoints for the autopilot to follow or bad instructions to the pilots.
He can't take over the controls and actually fly the plane in any way that can't be easily overridden. Most autopilot systems can be overridden by simply applying a set amount of force to the controls, at which point the autopilot disengages. No need to touch an off switch.
OldBuzzard
Gawd
- Joined
- Jun 6, 2004
- Messages
- 911
At the very end of the article:
As for the "there aren't that many analogue instruments on a modern plane", all any competent pilot needs would be a compass, altimeter, and airspeed indicator. Everything else is just icing on the cake.
As for detecting the threat, just as soon as the airplane did something like a heading and/or altitude change that the crew wasn't expecting they would be looking for why it happened. It's not like the plane is going to change heading and/or altitude without the crew knowing that it's happening.
As for the "there aren't that many analogue instruments on a modern plane", all any competent pilot needs would be a compass, altimeter, and airspeed indicator. Everything else is just icing on the cake.
As for detecting the threat, just as soon as the airplane did something like a heading and/or altitude change that the crew wasn't expecting they would be looking for why it happened. It's not like the plane is going to change heading and/or altitude without the crew knowing that it's happening.
ClariorHincHonos
[H]ard|Gawd
- Joined
- Jun 25, 2007
- Messages
- 1,972
Yeah as a former AF conehead, my immediate reaction was "bullshit". Most phones don't even operate on the same freqs as this equipment, yet they are going to magically communicate?
FAA dismisses hacker claims -> http://www.informationweek.com/secu...ismisses-android-app-airplane-takeo/240152838
I mean obviously they would, but this whole scenario was utterly retarded. Guy hacks flight sim software running on Windows and claims the same could be done on actual unknown hardware running in a real plane. Stupid. Thats like saying because I hiked 30 minutes in the woods last weekend I'm prepared for Mt. Everest.
I mean obviously they would, but this whole scenario was utterly retarded. Guy hacks flight sim software running on Windows and claims the same could be done on actual unknown hardware running in a real plane. Stupid. Thats like saying because I hiked 30 minutes in the woods last weekend I'm prepared for Mt. Everest.
Hijacking doesn't necessarily mean someone grabbing the controls and yanking it into a hard bank, it can be more gradual, spanning several thousand miles. A lot of planes flightpaths seem to skirt borders and restricted airspace, so how noticeable would it be if someone were to change the waypoint or electronic flightplan a few miles into another countries sovereignty.
Anyone who believe this hype and thinks a guy int he back of the plane is going to pull out his phone and fly to Tahiti (or into a building) has been watching to much "War Games"
Yes, you might be able to nudge a plane by having it change altitude or direction by a tiny degree, but if you do anything major the pilot will notice. Yes, in theory I suppose you could co-ordinate multiple attacks and nudges to put two planes on a collision course, but FAA Towers and the not-blind-pilots will all see what's happening long before it's a danger.
I'd be more scared if they found a way to hack in and make the cargo bays open, be far more of a real risk... As I said, you might get a couple commands, and as long as the aircraft is not armed, it's not a real risk... (if you can initiate a LaunchMissile(all) command on an airforce fighter, THEN I'll start to worry)
Yes, you might be able to nudge a plane by having it change altitude or direction by a tiny degree, but if you do anything major the pilot will notice. Yes, in theory I suppose you could co-ordinate multiple attacks and nudges to put two planes on a collision course, but FAA Towers and the not-blind-pilots will all see what's happening long before it's a danger.
I'd be more scared if they found a way to hack in and make the cargo bays open, be far more of a real risk... As I said, you might get a couple commands, and as long as the aircraft is not armed, it's not a real risk... (if you can initiate a LaunchMissile(all) command on an airforce fighter, THEN I'll start to worry)
Actually, it has happened (plane going elsewhere, not the hacking). The plane went off course, and the pilots didn't notice they had entered Russian airspace. I can't recall if they were shot down or escorted out. They had no control tower since they were over international waters.
If you could get a non-paying attention pilot to turn the wrong way while taxiing, it could totally f-up the airport for a long time. Possibly hours before everything is normalized again. If they were really unlucky maybe a slight but no zero risk of a collision on the ground or in the air. I wouldn't dismiss this completely.
Ouch that could end bad. You dont f' with the Russians. Though if it was a passenger jet they were probably escorted out, I doubt even Russia would want the political backlash of shooting down civilians...
NOW THIS seems more likely, a disgruntled hacker "you screwed me over X ways, so I'm gonna f' up this airport for a while" Though the "danger" amounts 99.999% to just delays.