On your next flight, you may want to look over your shoulder at what the person next to you is doing. Help Net Security reports:
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, galvanized the crowd attending the Hack In The Box Conference in Amsterdam. Teso showcased an Andorid app, PlaneSploit, that remotely controls airplanes on the move.
Teso has been working in IT for the last eleven years and has been a trained commercial pilot for a year longer than that. By creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft.
His testing laboratory consists of a series of software and hardware products. But the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario. Since it’s nearly impossible to detect the framework once deployed on the Flight Management System, there is no need to disguise it like a rootkit.
Teso says that he was pleasantly surprised by the reaction of the industry to his research and discoveries, as the companies didn’t try to deny the existence of the problems and have vowed to aid him in his research.