Remember how the internet got itself all riled up a few days ago when it found out that it would only take one rogue Android user to hack and take over an entire plane? Yeah, about that—it's not true.
When Hugo Teso gave his demonstration at the Hack In The Box security conference, he used a PC-based ACARS (Aircraft Communications Addressing and Reporting System) to show how you could falsify data and adjust the heading, altitude, and speed of an entire airplane. The thing is, the vulnerabilities he exploited exist only in the PC-based training version of the software. The FAA has dismissed the claims in a statement released today:
The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer. The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware.
But it's not just the FAA shooting down Teso's claim, the European Aviation Safety Administration (EASA) came in for backup with their own statement:
There are major differences between a PC-based training FMS software and an embedded FMS software. In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software.
But fearmongers don't have to hang their hat quite yet: we're still uncertain whether the hack doesn't work because of an entirely different type of software or because of security controls in the system. The latter would, of course, imply that these vulnerabilities do in fact exist, and it's just a matter of figuring out how to get around the barriers. So no need to fear flying Android users—at least for now. [Information Week]