For years, hackers have been warning that passenger jets are vulnerable to cyber-attacks. Airlines and plane manufacturers have largely ignored the risks, but recent events are leading German authorities and pilots to take the threats extremely seriously.
The officials from the European Aviation Safety Agency (EASA) were not at all happy about what they were hearing. An unshaven 32-year-old from Spain, his hair pulled back in a ponytail, was talking about cockpit computers and their weaknesses and security loopholes. Specifically, he was telling the EASA officials how he had managed to buy original parts from aviation suppliers on Ebay for just a few hundred dollars. His goal was to simulate the data exchange between current passenger-jet models and air-traffic controllers on the ground in order to search for possible backdoors. His search was successful. Very successful.
The Spaniard's presentation took place two years ago in an EADS conference room looking over the rooftops of Cologne. He had been invited after, in accordance with the hacker ethic, he had notified the agency that he was planning to release the results of his years-long study at a hacker conference. Engineers from airlines and airplane manufacturers were also following the Spaniard's presentation via video. After he had finished, he recalls, they all wanted to know the same thing: "You aren't really planning on making all of that public, are you?"
Their concern focused on his central finding, which he continues to repeat to this day. "In modern airplanes, there are a whole series of backdoors, through which hackers can gain access to a variety of aircraft systems." The Spaniard's name is Hugo Teso, and he now works for a data security firm based in Berlin. For the past several years, he has been commissioned by various companies to try to break in to their computers and networks. But because Teso is also a pilot and continues to hold a valid license, he has developed a reputation in the aviation industry as someone whose tech-security warnings should be taken seriously.
Teso has demonstrated that you don't even need a computer to hi-jack a plane remotely. A smartphone equipped with an app called PlaneSploit, which Teso himself developed, could be enough. In theory cyber-terrorists could use such an app, or something similar, to take over a plane's steering system and, in a worst-case scenario, cause the plane to crash.