FAA and EASA Deny Claims of Airline Hacking
Following alarming claims made by German IT Consultant, Hugo Teso, regarding his ability to ‘hack’ into navigational systems of aircraft, using only an Android app, the FAA and the EASA have issued statements to the contrary; neither feeling that his claims pose any real threat to flight safety.
According to Information Week, the FAA state that it “is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer,” and adds that the app does not, “pose a flight safety concern because it does not work on certified flight hardware. The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot,” and says that, “a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”
Teso claims to have carried out research, using the Android app in a closed, PC-based system with simulation software. He alleges that flaws in the Honeywell NZ-2000 Flight Management System, particularly in the navigational security systems, would render it simple to use on a live aircraft to perform ‘tricks’, such as letting the oxygen masks fall from overhead. On a more serious note, Teso goes on to allege that he could just as easily use the app to crash the plane into another aircraft during flight, which has, understandably, caused much panic in the aviation industry and public alike.
The European Aviation Safety Association (EASA) issued the following statement, “There are major differences between PC-based training FMS software and embedded FMS software. In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software.”
Airline passengers across the world will be relieved to learn that Hugo Tero won’t be releasing details of his exploitation methods and will be working with aviation governing bodies to make sure that the systems are updated if it is proved necessary. The FAA and EASA cannot fully reassure concerns, however, as it remains to be seen whether the hack is a software issue or due to redundancies built into the systems, which, if proved, could lead to resourceful hackers finding other exploits or loopholes in the systems.