Could an exploit via an Android app really hijack a plane? Not so, says a prominent pilot/author
Finally, some sanity. After many a blog post this week re-reported Help Net Security's "Hijacking airplanes with an Android phone" piece -- in which security consultant and pilot Hugo Teso apparently demonstrated how he could theoretically interfere with an aircraft's flight management system -- and headlines grew more and more alarmist, Patrick Smith, editor of the popular "Ask the Pilot" blog has a few things to say about the matter.
Starting with, "This is my pre-emptive plea, an open letter to the media to rein in this silly airplane story before it gets too much traction."
The story really grew legs, of course, because a mobile device was involved. Wrote Help Net Security:
To make things even more interesting - or easier - Teso showcased an Andorid [sic] application that uses SIMON's powers to remotely control airplanes on the move. The application, fittingly named PlaneSploit, sports a clean and simple interface, but is packed full with features. This is a remarkable example of technology evolution - ten years ago we barely had phones with a color screen, today we can use them to hack aircraft.
The penultimate paragraph, however, grossly tempers the alarmist prose that comes before it:
There is a solution for pilots to regain the control of the plane and land it safely, he says. Attacks of this kind work only when the auto-pilot is on, so the trick is to switch it off, then fly the plane by using analog instruments.
Pilots actually flying the planes themselves? That's still a thing in 2013? Yes. It most certainly is.
Smith, whose columns often aim to dispel common misconceptions about flying (his favorite is that pilots don't actually fly the plane), fired back today.
Hugo Teso, the person behind this lecture/experiment, seems to have a rudimentary understanding of how planes fly, and seems somewhat familiar with the way pilots and their technology interact, but he’s extrapolating wildly — or the media is extrapolating wildly based on some of the things he’s said.
Smith sums it up in once sentence, really: "The sorts of problems [the exploit] might conceivably cause is nothing a crew couldn’t notice and easily override in about five seconds."
And, yes. You still need to turn off your gear below 10,000 feet.
Ed note: Changed the headline from "refutes" to "downplays," which I agree is more accurate here. - Phil