Skip to content

FAA: ‘No, you CAN’T hijack a plane with an Android app, maybe a plane simulator but not an actual aircraft!

April 15, 2013

By Neil McAllister in San FranciscoGet more from this author

Posted in Security, 13th April 2013 00:08 GMT

Free whitepaper – IT infrastructure monitoring strategies

Aviation officials have taken a skeptical view of claims that it’s possible to hijack a commercial aircraft using a smartphone, with both the US Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA) issuing statements to the effect that it simply couldn’t happen.

On Wednesday, Spanish security researcher Hugo Teso gave a presentation at the Hack in the Box conference in Amsterdam in which he claimed he had developed an Android app that could allow him take control of an airplane by feeding misinformation into its in-flight communications systems.

Hardly, said the FAA in a statement to news agencies on Thursday.

“The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer,” the agency wrote, making something of a muddle of the facts.

The statement went on to explain that although Teso may have been able to exploit aviation software running on a simulator, as he described in his presentation, the same approach wouldn’t work on software running on certified flight hardware.

“The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot,” the FAA’s statement explained. “Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”

Iowa-based Rockwell Collins is one of the companies that makes the kind of aviation systems that Teso alleged to have pwned in his research, and in a statement obtained by Forbes, it concurred with the FAA’s conclusions.

“Today’s certified avionics systems are designed and built with high levels of redundancy and security,” a company spokesman said. “The research by Hugo Teso involves testing with virtual aircraft in a lab environment, which is not analogous to certified aircraft and systems operating in regulated airspace.”

The EASA chimed in with a statement of its own, saying, “For more than 30 years now, the development of certifiable embedded software has been following strict guidance and best practices that include in particular robustness that is not present on ground-based simulation software.”

Doubtless there will still be some Reg readers thinking, “Ah, but they would say that, wouldn’t they?” So take it from writer and airline pilot Patrick Smith, author of the Ask the Pilot blog, who explains that even if it were possible to override an aircraft’s systems remotely, it probably wouldn’t matter:

The problem is, the FMS … does not directly control an airplane the way people think it does, and the way, with respect to this story, media reports are implying. Neither the FMS nor the autopilot flies the plane. The crew flies the plane through these components. We tell it what to do, when to do it, and how to do it. Whatever data finds its way into the FMS, and regardless of where it’s coming from, it still needs to make sense to the crew. If it doesn’t, we’re not going to allow the plane, or ourselves, to follow it.

Incidentally, Smith has spent much of his writing career debunking scare stories about aircraft and aviation, which he says crop up far too often.

“Commercial aviation is a breeding ground of bad information,” Smith writes in his blog’s About page, “and the extent to which different myths, fallacies, wives’ tales and conspiracy theories have become embedded in the prevailing wisdom is startling.” ®

AAAE Security SmartBrief

April 15, 2013

30,000-Foot View

TSA to proceed with policy change on small knives
The Transportation Security Administration is moving ahead with a policy change on April 25 that will allow passengers to carry small folding knives. TSA Administrator John Pistole has not changed his mind on the policy despite opposition from flight attendants. Los Angeles Times (tiered subscription model) (4/15)

Security Update

No bomb scare, just a sandwich at JFK
Jason Michael Cruz and Matthew Okumoto were detained at New York’s JFK airport Thursday after an officer overheard Cruz tell his friend he had “the wrong kind of bomb.” It was later revealed that he was talking about a sandwich dubbed “The Bomb.” New York Post (4/13)

Trends & Technology

United celebrates Earth Month with fuel-conservation goal
United Airlines has set a goal to conserve 85 million gallons of fuel in 2013 in honor of Earth Month. “I am proud of the actions we take every day throughout the year that help shape a more sustainable future for our customers, our co-workers and the communities we serve,” said United President and CEO Jeff Smisek. American City Business Journals/Chicago (4/12)

Airlines raise airfares by $4
Delta initiated a price increase of $4 on most round-trip flights on Thursday. The increase was quickly matched by United, American Airlines, Southwest Airlines and JetBlue, making it the first successful broad-based airfare increase of the year. Chicago Tribune (tiered subscription model) (4/12)

Android app is not capable of hijacking planes, FAA says
The Federal Aviation Administration and the European Aviation Safety Administration are refuting claims by a technology consultant that aircraft can be hijacked with an Android app. “The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot,” the FAA said. The Register (U.K.) (4/13)

Safety Matters Spotlight

Boeing 737s receive inspection order from FAA
The Federal Aviation Administration has ordered inspections on pins used to attach tail panels to the fuselage for Boeing 737 jets. The pins may suffer from corrosion due to “an incorrect procedure used to apply the wear and corrosion protection surface coating,” the FAA said. The Wall Street Journal (4/14) Google/Agence France-Presse (4/14)

Policy & Regulatory

Lawmakers ask FAA for rationale on tower closures
Lawmakers are asking the Federal Aviation Administration to provide the rationale for plans to close 149 air-traffic control towers. “It is deeply troubling that the agency seems intent on proceeding with the closure of key air traffic control assets absent adequate safety data and study,” the lawmakers wrote in a letter to the FAA. The Hill/Transportation blog (4/12)

Aviation News Today

April 15, 2013
 
1House Bill Introduced To Retain Contract Towers
2American To Increase Service From Los Angeles
3DOT: February Snowstorms Boost Number Of Tarmac Delays
4United To Launch Washington Dulles Flights To Guatemala, Costa Rica
5US Airways Announces Pricing Of $820 Million Aircraft Financing
6Connect to Digicast For All Of Your Training Needs
7Airlines Are Improving The Airport Experience For VIPs And Passengers Willing To Pay Extra  (AP)
8Airlines Off To A Bumpy Start In 2013, With More Flights Delayed And Canceled By Nasty Weather  (AP)
9Airbus CEO Stands By Mid-Year First Flight For A350 Widebody  (Aviation Daily)
10Airlines: Obama Budget Would Hike Ticket Prices  (Washington Post)
11AA And Farelogix Extend Technology Deal For Direct Connect  (Travel Weekly)
12Hawaiian Airlines To Use Pratt & Whitney Engines In New A321neo Planes  (Pacific Business News)
13American Splits Airbus Order Equally Between A319 And A321  (FlightGlobal.com)
14Boeing Faces Last Hurdle For Dreamliner With No-Rush FAA  (Bloomberg)
15JetBlue Chief Seeks Broader, Deeper International Airline Links  (Bloomberg)
16Two Investment Firms Interested In Frontier Airlines  (Denver Post)
17Thales, Gogo Form Connectivity Partnership  (Avionics Today)
18Plans For Customs Checkpoint In Middle East Questioned  (USA Today)
19TSA Union: Airport Screeners Were Not Consulted About Knife Decision  (The Hill)
20Phuket Airport Sees Higher Traffic  (The Nation (Thailand))
21Court Rejects Friends Of LaGuardia Airport Appeal On Trash Transfer Station  (Queens (N.Y.) Chronicle)
22Forgotten Balkan Airports Are Coming Back To Life  (Southeast European Times)
23O’Hare Airfield Lighting Outage Closes 4 Of Chicago Airport’s 7 Runways  (Huffington Post)
24Hawaiian Airlines Selects P&W Engines For A321neos  (Air Transport World)
25Boeing To Expand South Carolina Facility  (Air Transport World)
26Kenya Airways Receives First 737-300 Converted Freighter  (Air Transport World)
27RC Regional Airport Is Back Up And Running After Winter Storm  (KEVN (S.D.))
28Next 10 Days Bradley International Airport Will Be Busy, Be Prepared  (WGGB (Mass.))
29Doha Airport Home To World’s Best ‘Premium’ Terminal  (Hindustan Times)
30Rep. Bishop Presses Defense Boss On Risk At HAFB After Air Tower Closes  (Salt Lake Tribune)
31Denver And Adams Counties Move Toward ‘Open And Frank’ Talks In Airport Battle  (Denver Post)
32San Bernardino Airport Director Explains Path Of Disputed Lease Agreement  (San Bernardino (Calif.) Sun)
33Feasibility Study Underway For Dunn County Airport  (Dickinson (N.D.) Press)
34Boston Airport Bracing For Parking Crunch  (Worcester (Mass.) Telegram)
35JetBlue Plane’s Arrival At Lakeland Linder Raises Airport’s Hopes  (Lakeland (Fla.) Ledger)
36Tanzania: Bukoba Airport Rehabilitation Nears Completion  (AllAfrica)
37Dulles Airport Cargo Down, But Plans To Expand Remain  (Washington Business Journal)
38More Cargo, More Jets, Easier Access Promised For Airport  (Northwest Indiana Times)
39ADOT Names Lake Havasu City Municipal Airport 2013 Airport Of The Year  (Havasu News (Ariz.))
40China’s High-Speed Trains Attract Frustrated Fliers  (CNN)
41Ontario Rejects $474 Million Offer For Airport  (Inland Valley Daily Bulletin (Calif.))
42Charlotte Airport Fight Pits City Against Region  (Charlotte Observer)
43Funding Plan Buys Airport Tower More Time  (Lynchburg (Va.) News & Advance)
44Airport Upgrades Hit Stumbling Block  (Idaho Mountain Express)

Airport Ops Series I -20:1 Penetrations and The Loss of Your Night Minimums

April 15, 2013

Airport Ops Series I -20:1 Penetrations and The Loss of Your Night Minimumsddd

2011 Interstate 287 Crash near the NJ Morristown Airport Follow Up

April 15, 2013

That day I was actually on the Morristown Municipal  Airport for the meeting. It was about 10 am, really cold and foggy day, the meeting was cut short and people at the operations started buzzing their communications channels. Everybody was super worried, but these folks are professionals and thoroughly know their procedures. Couple days ago the NTSB released their findings, so i had to share it:

NTSB: Icing conditions, pilot action led to ‘11 plane crash on NJ highway median that killed 5.

Associated Press:

A pilot’s inability or reluctance to fly quickly enough out of icing conditions led to a fiery plane crash on a New Jersey highway median that killed all five people aboard, a federal report published Thursday concluded.

The December 2011 crash claimed the lives of pilot Jeffrey Buckalew, an investment banker; his wife and two children, and Rakesh Chawla, a colleague at New York’s Greenhill & Co. Buckalew was the registered owner of the single-engine Socata TBM 700 and had more than 1,400 hours of flight time, according to the report.

The plane had just departed Teterboro Airport en route to Georgia when it began spiraling out of control at about 17,000 feet and crashed on a wooded median on Interstate 287 near Morristown. No one on the ground was injured. Wreckage was scattered over a half-mile area, forcing the closure of the busy roadway for several hours.The National Transportation Safety Board report concluded that while Buckalew had asked air traffic controllers to fly higher and out of the icing conditions, he may have been reluctant to exercise his own authority to do so, or may have been unaware of the severity of the conditions.The NTSB attributed the cause of the accident to “the airplane’s encounter with unforecasted severe icing conditions that were characterized by high ice accretion rates and the pilot’s failure to use his command authority to depart the icing conditions in an expeditious manner, which resulted in a loss of airplane control.”

According to the report, an air traffic controller advised Buckalew of moderate icing from 15,000 to 17,000 feet, at which point Buckalew responded, “we’ll let you know what happens when we get in there and if we could go straight through, it’s no problem for us.” The controller then directed him to climb to 17,000 feet.

When the plane reached 16,800 feet Buckalew reported light icing and said “a higher altitude would be great.” Seventeen seconds later, he said the plane was experiencing “a little rattle” and asked to be cleared to go to a higher altitude “as soon as possible please.”

The controller coordinated with a controller in an adjacent sector and, 25 seconds later, directed Buckalew to climb higher. Within about a minute the plane had reached 17,800 feet and then began an uncontrolled descent.

Ice can form on airplanes when temperatures are near freezing and there is visible moisture, such as clouds or rain. The ice adds weight to an aircraft, and rough accumulations known as rime interrupt the flow of air over wings.

Numerous pilots had reported icing conditions in the area around the time of the accident, including at least three flight crews that characterized the icing as severe, according to the report. One pilot told NTSB investigators his wing anti-icing system “couldn’t keep up” with ice accumulation of as much as 4 inches that had developed over a span of five minutes.

Pilots are required to fly under the direction of air traffic controllers but federal regulations allow for some deviation in emergency situations. The NTSB report quotes a part of the Federal Aviation Regulations that reads, “in an in-flight emergency requiring immediate action, the pilot in command may deviate from any rule of this part to the extent required to meet that emergency.”

AAAE Security SmartBrief

April 12, 2013

30,000-Foot View

TSA union decries agency decision to allow small knives
The union representing employees of the Transportation Security Administration said security screeners were not asked for input on the agency’s decision to allow small knives and other objects. “Their input could have proven invaluable in the process leading up to the decision of whether to change the ban on knives,” said David Borer, general counsel for the union. The Hill/Transportation blog (4/11)

Security Update

Airline industry questions checkpoint in United Arab Emirates
The airline industry is questioning plans for a U.S. customs checkpoint in Abu Dhabi, United Arab Emirates. Nicholas Calio, president of Airlines for America, said the Department of Homeland Security should not “shift its sources to funding to those with the deepest pockets rather than addressing the greatest need.” USA Today (4/12)

Trends & Technology

Winter storms hurt on-time arrival rates in Jan., Feb.
More flights were delayed in January and February compared to the same period last year as severe weather affected many airports. For the first two months of the year, 80.3% of flights by U.S. carriers had on-time arrivals. Last year, 84.9% of flights were on time in January and February. The Washington Post/The Associated Press (4/11)

Thales, Gogo announce partnership for in-flight services
Thales and Gogo announced a partnership for in-flight connectivity and entertainment services. The venture will combine Thales’ in-flight entertainment cabin system with Gogo’s in-flight Wi-Fi. “It brings two best of breed capabilities together and will give airlines exclusive passenger experiences with an economical and global connection,” said Alan Pellegrini, president and CEO of Thales USA. Avionics Magazine online (4/11)

Airline News Spotlight

Frontier Airlines could be sold to investment firm
Frontier Airlines is attracting interest from two investment firms as Republic Airways prepares to divest the carrier. Indigo Partners and Anchorage Capital Group are in discussions with Republic about purchasing Frontier. Republic “does not comment on rumors or market speculation,” a spokesman said. The Denver Post (4/10)

JetBlue looks for international code-share partners
JetBlue Airways is looking for two-way code-share partners to boost its international offerings, said CEO David Barger. “When you really want to optimize your relationship, you need two-way codes,” Barger said. “Our policy has been to move a little bit slow because we want to make sure the technology is ready.” Bloomberg (4/11)

Policy & Regulatory

Boeing awaits FAA approval for 787 battery fix
Boeing has completed testing on its fix for the 787 battery issue and is awaiting approval from the Federal Aviation Administration. “We are engaged with the FAA to reply to additional requests and continue dialogue to ensure we have met all of their expectations,” said Marc Birtel, a Boeing spokesman. Bloomberg (4/11)

Aviation News Today

April 12, 2013
1Napolitano Defends Fiscal Year 2014 Budget Proposal
2AAAE Security Committee Vice Chair Chris Browne Testifies On Risk Based Security
3Hawaiian Airlines To Begin Service To China In 2014
4Frontier Plans New Service To Delaware
5Turkish Commits To Order 50 737 MAXs, 20 Next-Generation 737s
6AAAE/SCAAAE Accreditation/Certification Academy Held
7Did You Know
8In-Flight Wi-Fi Provider Gogo Boosts Credit Line By $113M  (Chicago Tribune)
9FAA Budget, Down Overall, Boosts NextGen Funding 7%  (Aviation Week)
10Bill To Block Flight Tower Closures Filed In House  (The Hill)
11Obama’s Proposed Budget Includes Higher Air Security Fee  (Business Travel News)
12Lithium Battery Industry Sees Safe Technology For Planes  (Bloomberg)
13Why Delta Pays More Than Emirates For Boeing Planes  (The Street.com)
14If American And US Airways Merge, What Should Fliers Expect?  (New York Times)
15Boeing Faces Last Hurdle For Dreamliner With No-Rush FAA  (Bloomberg)
16American Airlines Hiring More Home-Based Workers  (Miami Herald)
17Delta To Retrofit New Cockpits On MD-88s, MD-90s  (AIN Online)
18JetBlue March Traffic Rises 8.6% – Quick Facts  (RTT)
19American Airlines To Add New Flights To Its LAX Schedule  (San Jose Mercury News)
20Vulnerabilities In Aircraft Systems Allow Remote Airplane Hijacking, Researcher Says  (ITWorld.com)
21Business Travel’s Happiest Trend: More Private Airport Lounges On The Way  (Chicago Business Journal)
22Airlines Are Improving The Airport Experience For VIPs And Passengers Willing To Pay Extra  (AP)
23Texas Bill Criminalizing Airport Pat-Downs Is Back  (AP)
24Airport Plan Praised  (Ruidoso (N.M.) News)
25Qatar Airways Hopes Its Dreamliners Back In Service In April  (Reuters)
26Gov’t Urged To Postpone Opening Of New Airport  (Philippine Daily Inquirer)
27Lydd Airport Given Permission To Increase Capacity  (Guardian (U.K.))
28Airport Parking Rates Increase $2  (Juneau Empire)
29Woman Fighting $100K Fine For Parking Car At O’Hare For 3 Years  (AP)
30West Michigan Regional Airport Plans For Growth With New Design  (Holland (Mich.) Sentinel)
31Tompkins Adds Controllers To Suit Over Ithaca Airport Tower Shutdown  (Ithaca (N.Y.) Journal)
32New Airport Eats Arrive In Houston, Dallas And Boston  (Jaunted)
33Hillsboro Airport Runway Project Back In The Limelight  (The Oregonian)
34Closing Airport Control Towers: Eyes Wide Open  (Economist)
35Legal Claim Filed Against L.A. Over Control Of Ontario Airport  (Los Angeles Times)
36Porter Airlines To Order 12 Bombardier CSeries Aircraft  (Air Transport World)
37Vueling Board Gives Thumbs Up To New IAG Offer  (Air Transport World)
38Crew Error Led To AN-24 Crash In Donetsk  (Air Transport World)
39Worldwide Flight Services Wins Four North America Contracts  (Air Transport World)
40Los Angeles City Council To Address Los Angeles International Airport Runway Plan  (Torrance (Calif.) Daily Breeze)
41Berlin Airport Delays Continue, No New Date Set  (Fodor’s Travel)
42A Happy Business Travel Trend: More Private Airport Lounges On The Way  (Phoenix Business Journal)
43Porter Asks To Land Jets On Toronto Island Airport  (AP)
44Airport TRAX Line To Open Sunday  (Fox13now.com (Utah))
45Longtime Airport Exec Patrick Graham Retiring  (Savannah (Ga.) Morning News)
46Speed Through The Airport Like A Celebrity  (CNBC)
47Texas Legislators Take Aim At Airport Searches, Consider Opting Out Of Federal Security  (Dallas Morning News)
48Sequestration Could Shut Federally funded Frederick Airport Tower  (Washington Post)
49Auckland Airport Wins Top Award  (New Zealand Herald)
50YVR Is North America’s No. 1 Airport  (Vancouver Sun)
51Cincinnati/Northern Kentucky International Airport Takes Top Honors  (Kentucky Post)
52Passengers Say Sea-Tac Airport Has Best Service In North America  (MyNortwest.com)
53And The World’s Best Airport Is …  (CNN)
 
 
 

Vulnerabilities in aircraft systems allow remote airplane hijacking researcher says

April 12, 2013

Communication technologies like ADS-B and ACARS can be abused to remotely exploit vulnerabilities in aircraft systems, a researcher said.

By Lucian Constantin, IDG News Service |  Security
 
 

April 10, 2013, 9:04 PM — The lack of security in communication technologies used in the aviation industry makes it possible to remotely exploit vulnerabilities in critical on-board systems and attack aircraft in flight, according to research presented Wednesday at the Hack in the Box security conference in Amsterdam.

The presentation, by Hugo Teso, a security consultant at consultancy firm N.runs in Germany, who has also had a commercial pilot license for the past 12 years, was the result of the researcher’s three-yearlong research into the security of avionics.

Teso showed how the absence of security features in ADS-B (automatic dependent surveillance-broadcast), a technology used for aircraft tracking, and ACARS (Aircraft Communications Addressing and Reporting System), a datalink system used to transmit messages between aircraft and ground stations via radio or satellite, can be abused to exploit vulnerabilities in flight management systems.

He did not experiment on real airplanes, which would be both dangerous and illegal, according to his own account. Instead Teso acquired aircraft hardware and software from different places, including from vendors offering simulation tools that use actual aircraft code and from eBay, where he found a flight management system (FMS) manufactured by Honeywell and a Teledyne ACARS aircraft management unit.

Using these tools, he set up a lab where he simulated virtual airplanes and a station for sending specifically crafted ACARS messages to them in order to exploit vulnerabilities identified in their flight management systems — specialized computers that automate in-flight tasks related to navigation, flight planning, trajectory prediction, guidance and more.

The FMS is directly connected to other critical systems like navigation receivers, flight controls, engine and fuel systems, aircraft displays, surveillance systems and others, so by compromising it, an attacker could theoretically start attacking additional systems. However, this aspect was beyond the scope of this particular research, Teso said.

Identifying potential targets and gathering basic information about them via ADS-B is fairly easy because there are many places online that collect and share ADS-B data, such as flightradar24.com, which also has mobile apps for flight tracking, Teso said.

After this is done, an attacker could send specifically crafted ACARS messages to the targeted aircraft to exploit vulnerabilities identified in the code of its FMS. In order to do this, the attacker could build his own software-defined radio system, which would have a range limit depending on the antenna being used, or he could hack into the systems of one of the two main ground service providers and use them to send ACARS messages, a task that would probably be more difficult, Teso said.

Either way, sending rogue ACARS messages to real aircraft would most likely lead to the authorities searching and eventually locating you, the researcher said.

Teso created a post-exploitation agent dubbed SIMON that can run on a compromised FMS and can be used to make flight plan changes or execute various commands remotely. SIMON was specifically designed for the x86 architecture so that it can only be used in the test lab against virtual airplanes and not against flight management systems on real aircraft that use different architectures.

The researcher also created an Android app called PlaneSploit that can automate an entire attack, from discovering targets using Flightradar24 to exploiting vulnerabilities in their FMS, installing SIMON and then performing various actions, like modifying the flight plan.

As previously mentioned, the research and demonstrations were performed against virtual planes in a lab setup. However, the FMS vulnerabilities identified and the lack of security in communication technologies like ADS-B and ACARS are real, Teso said

In a real-world attack scenario, the pilot could realize that something is wrong, disengage the auto-pilot and fly the plane like in the old days using analog systems, Teso said. However, flying without auto-pilot is becoming increasingly difficult on modern aircraft, he said.

Teso did not reveal any specifics about the vulnerabilities he identified in flight management systems because they haven’t been fixed yet. The lack of security features like authentication in ADS-B and ACARS is also something that will probably take a lot of time to address, but the researcher hopes that it will be done while these technologies are still being deployed. In the U.S., the majority of aircraft are expected to use ADS-B by 2020.

N.runs has been in contact with the European Aviation Safety Agency (EASA) for the past few weeks about the issues identified during this research, Teso said, adding that he has been pleasantly surprised by their response so far. “They haven’t denied the issues, they listened to us and they offered resources,” he said. “They’re trying to help us to take this research on a real plane.”

PlaneSploit, Hugo Teso’s App, Lets Android Users Hack Airplanes

April 12, 2013

Want to hack a plane? Well, there’s an app for that.

PlaneSploit is the work of Hugo Teso, a security researcher and commercial pilot, who claims his app allows users to control a plane from the ground. Using an Android phone (sorry iPhone, Blackberry and Window Phones users), a radio transmitter, flight management software and a little bit of hacking know-how, Teso demonstrated how he changed the flight path of a plane to a crowd on Wednesday during this year’s Hack In The Box conference in Amsterdam.

The process is a bit technical (which you can read here) but the gist of Teso’s presentation is that his methods can mess with the data sent to commercial planes because they lack the security to tell whether data is coming from the right source. By interfering with the data, Teso says he could then send radio signals which could change a pilot’s display or change the plane’s speed, direction or altitude.

“You can use this system to modify approximately everything related to the navigation of the plane,” Teso told Andy Greenberg of Forbes, adding, “that includes a lot of nasty things.”

There are limitations with Teso’s hacking system though. For one, Engagdget calls PlaneSploit “proof-of-concept software”, which means it works but only in a closed, virtual environment — a demo if you will — which means it won’t be available for download off of Google’s app store.

Secondly, as Gawker points out, the app attacks a plane’s autopilot system, and while it can do terrifying things like drop passengers’ oxygen masks without warning, pilots could render the hack useless by turning off the plane’s autopilot.

According to Computer World, Teso used codes from real-world aircrafts to start the hijacking sequence but used virtual planes in a lab to simulate his actual hijacking capabilities. He says hijacking a real plane would be “too dangerous and unethical.”

 

Teso’s demo has attracted the attention of several companies that work on the navigation systems of planes, like Honeywell, Thales and Rockwell Collins. So far, it’s Honeywell that says they’ve reached out to Teso’s employer, N.Runs, a German IT consultancy firm to talk about Teso’s work, notes NBC.

“We take this seriously and we’re going to work with N.Runs to assess this,” says Scott Sayres, a rep from Honeywell, adding that Teso readily admits the version he used of our flight management system is a publicly available PC simulation, and that doesn’t have the same protections against overwriting or corrupting as our certified flight software.”

Teso is also working with the Federal Aviation Administration and the European Aviation Safety Administration, the governing bodies who regulate flight safety procedures in the States and Europe, reports the Guardian. It’s said that both agencies are working on a fix for the issue.Image

AAAE Security SmartBrief

April 10, 2013

House Democrats call on TSA to drop new knife policy
A group of House Democrats has written a letter to the Transportation Security Administration urging it to drop the policy reversal that would allow some small knives on planes. The Hill/Transportation blog (4/9)

 

Security Update

N.Y. man arrested for knife in belt buckle
Chaim Gruenzweig, 19, of Airmont, N.Y., was arrested Monday at John F. Kennedy International Airport after officials found a five-inch knife in his belt buckle. The man was traveling to Frankfurt, Germany, before Port Authority police arrested him. The Journal News (White Plains, N.Y.) (tiered subscription model) (4/9)

Charlotte airport calls for more security officers
The Charlotte-Mecklenburg police chief is calling for more security officers at Charlotte Douglas International Airport. In December, local police took over security at the city-owned airport. The News & Observer (Raleigh, N.C.)/The Associated Press (4/9)

Column: Head to east checkpoint at Dulles for shorter lines
An analysis of wait times for security screening at Dulles International Airport in Washington, D.C., showed the east checkpoint generally had shorter wait times. “Especially with the real-time screens, you’d expect a lot of travelers to move toward the checkpoint with the shorter line, but apparently not enough do to keep the two balanced,” writes columnist David Alpert. Greater Greater Washington (Washington, D.C.) (4/9)

Trends & Technology

Forecast: Business travel spending to rise 5.1% this year
Spending on business travel is predicted to rise by 5.1% this year, according to the Global Business Travel Association. “While there are still many factors that could hamper the economy again, from the impact of sequestration to rising energy prices, business travel spending is heading in the right direction so far in 2013,” said Michael McCormick, executive director of the association. Los Angeles Times (tiered subscription model)/Money & Co. blog (4/9)

Fliers slam airlines for food choices — or lack thereof
A YouGov survey found that other passengers’ smelly food was a top gripe among fliers, and a lack of free hot meals was the most common complaint. According to the survey, 27% of respondents say airplane food quality has declined during the past few years. CNBC/Road Warrior blog (4/9)

Other News

Airport Ops Spotlight

Phoenix airport debuts free Sky Train
Phoenix Sky Harbor International Airport aims to please travelers with its latest amenity, the PHX Sky Train transportation system. The free train runs between Terminal 4, the East Economy Parking Lot and the Metro light-rail station at 44th and Washington streets. Trains run every few minutes seven days a week. The Arizona Republic (Phoenix) (tiered subscription model) (4/8)

United Airlines to invest $150M in N.J. hub
United Airlines announced a $150 million investment to Terminal C at New Jersey’s Newark Liberty International Airport. The carrier will upgrade the concourse areas and install a new baggage-screening system. United flies more than 400 flights daily from the airport, which serves as a hub for the carrier. Frequent Business Traveler (4/8)

Policy & Regulatory

Senators aim to block FAA from closing control towers
A bipartisan group of 18 senators has drafted legislation to prevent the Federal Aviation Administration from closing 149 air-traffic control towers. The legislation will “protect air traffic control towers and preserve aviation safety across America,” the lawmakers said. The Hill/Transportation blog (4/9)

GAO: FAA should work more closely with airlines on NextGen
The Federal Aviation Administration should work more closely with airlines on NextGen, according to a report from the Government Accountability Office. The airline industry is required to cover $6.6 billion of the total $18 billion cost of NextGen. NextGov (4/9)