The alarming issue of aircraft hacking with the Smartphone app designed by Hugo Teso continues this week as he claims he could create false ACARS messages that could distract pilots with false weather or air traffic information.
Since the current ACARS system uses no authentication, Teso, an engineer and pilot, who works for a German security company, declared it was possible to cause these disruptions from a Smartphone, while seated on the plane. He uses technology called ‘software defined radio’ to mimic the ACARS VHF frequency.
Teso, speaking at the ‘Hack in the Box’ conference in Amsterdam last week, says he bought second-hand Honeywell and Rockwell Collins Flight Management System equipment from eBay and extensively tested his app. His findings have led him to believe that he could produce malformed ACARS messages to trigger vulnerabilities in the flight management systems on certain aircraft, potentially giving a hacker a degree of control over the aircraft.
The U.S. FAA and the European Aviation Safety Agency (EASA) have dismissed his claims, highlighting the fact that he has only tested his app on flight training simulation software and not on the protected technology that exists on a real flight deck.
A spokesman for EASA said that no, “Potential vulnerabilities on actual flying systems,” have been shown, and that, “The simulation does not have the same overwriting protection and redundancies included in certified flight software.”
Although both agencies strongly deny the possibilities of interference through ACARS messages, Teso states that he is “working with EASA to improve the situation.”