A hack that allows an attacker to take control of plane navigation and cockpit systems has been revealed at a security conference in Europe.
The exploit allowed security researcher Hugo Teso to use a Samsung Galaxy mobile phone to take control of flight and cockpit display systems running on the ground. The hack would allow him to change a plane's course and speed using the phone's accelerometer, he told the Hack In The Box Conference in Amsterdam yesterday.
He told Forbes he was able to use the exploit "to modify approximately everything related to the navigation of the plane".
Teso was able to compromise various onboard flight and communications systems running on second hand aircraft computer hardware.
He uploaded data to a Flight Management System, over the Aircraft Communications Addressing and Reporting System (ACARS), the communication relay used between pilots and ground controllers, which he says is largely unsecured.
It was by manipulating the Flight Management System that Teso said he was able to both change the cockpit display and change the direction, altitude and speed of the aircraft.
The researcher was also able to compromise the Automatic Dependent Surveillance Broadcast (ADS-B) system that relays an aircraft's position to ground controllers. Teso found he was able to eavesdrop on the system's communications over its 1MBps link, as well as blocking information and injecting data into link.
He claims the Federal Aviation Administration and the European Aviation Safety Administration are working on fixing the vulnerability.