In our most recent class, the subject of cybersecurity took a particularly dramatic turn when the topic turned to in-plane security with regards to malicious software apps on smartphones. The app in question is a particular piece of code written by Hugo Teso, a german security consultant, and unveiled at a security conference two weeks ago. As Gizmodo, a popular gadget blog writes on the subject, the app demonstrated “could falsify data and adjust the heading, altitude, and speed of an entire airplane.” The potential for this app are frightening indeed; that is, if the application worked as advertised.
Upon further review, the app appears to be, for the time being, unable to replicate its results on live aircraft. The exploits appear to only be valid in the training version of the plane management software. As the same Gizmodo article points out, the Federal Aviation Administration dismissed the application’s claims rather quickly. The FAA contends:
[A] German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware.
Elaborating on why the certified flight hardware was immune to the exploit, the European Aviation Safety Administration, or EASA, reports that the training software lacks the overwriting protections that the certified software used in-flight have installed. In short, it seems that the software was written with enough forward thinking redundancies, authenticators, and other security features that the software is ahead of the present threat.
The question remains however how the software will react in the future to these threats. This exploit, though done as a proof of concept rather than with explicit malicious intent, nevertheless has been let out of the proverbial bag. As planes gain wifi and other networking capabilities, how long will these current software protections be sufficient? What this ordeal teaches us, more than that our planes are presently safe from these types of attacks, is that we must continue to develop software with forward-thinking security in order to ensure our safety in the 21st century.