Tthe Federal Aviation Administration says the exploit won't work on a real jet. When a security researcher announced this week that he’d written an Android app that allowed him to hijack a jet with his Samsung Galaxy smartphone, he acknowledged an important caveat to his exploit: It had been tested only on a simulator.That turned out to be a very important qualifier in the exploit of the researcher, Hugo Teso, who works for N.Runs in Germany and is also a pilot certified to fly commercial aircraft .It seems that while Tesso’sA Android app may work on a navigation system simulator, it won’t work on a system that’s been cockpit certified for the real world, according to the U.S. Federal Aviation Administration (FAA).“The FAA has determined that the hacking technique described during a recent computer security conference does not pose a flight safety concern because it does not work on certified flight hardware,” the agency said in a statement released to the media. App misleads nav systemTeso demonstrated his PlaneSploit app Wednesday at the Hack In A Box conference being held in Amsterdam. He showed–on a PC running training software for the navigation system used in commercial jets–how he could alter the heading, altitude, and speed of a plane by using his smartphone app and an antenna. He also demonstrated how to feed false information to cockpit displays in a plane and take command of some of aircraft’s systems, allowing him to perform tasks like deploying all the oxygen masks for its passengers.During Teso’s presentation PDF at the conference, he said he’s been studying ways to exploit aircraft flight management systems (FMS) for three years. Those systems are the computer-human interface in a plane used by pilots for navigation, flight planning, performance computations, and such.One of Teso’s claims was that he could hack into the FMS and control a plane’s autopilot. The FAA discounted that claim.“The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot,” the agency stated. “Therefore, a hacker cannot obtain ‘full control of an aircraft’ as the technology consultant has claimed.”The FAA’s overseas counterpart–the European Aviation Safety Agency (EASA)–made a similar assessment of Teso’s efforts.“There are major differences between a PC-based training FMS software and an embedded FMS software,” the agency told The Inquirer. “In particular, the FMS simulation software does not have the same overwriting protection and redundancies that is included in the certified flight software.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe