Security News > 2024 > February > Researchers remotely exploit devices used to manage safe aircraft landings and takeoffs
Criminals could remotely tamper with the data that apps used by airplane pilots rely on to inform safe takeoff and landing procedures, according to fresh research.
In a scenario that elicits strong memories of that nail-biting flight scene from Die Hard 2, researchers investigating electronic flight bags found the app used by Airbus pilots was vulnerable to remote data manipulation, given the right conditions.
An EFB is usually a tablet or tablet-like portable computer that runs aviation-specific apps used for a variety of flight deck or cabin tasks, such as making calculations to improve aircraft performance.
The vulnerability was found in Flysmart+ Manager, one of many apps within the Flysmart+ suite used by Airbus pilots to synchronize data to other Flysmart+ apps which provide data to pilots informing safe takeoffs and landings.
A feasible attack would have to involve the interception of data flowing to the app, and a number of very specific conditions would need to be met.
Most of it came in the form of SQLite databases, with some including weight balance data of an aircraft and the minimum equipment list - information on what systems can be inoperative for a flight.