- Hacker and commercial pilot finds security issues in the aircrafts systems
- Aviation companies disavow the possibility of controling the planes from land
When I ask Hugo Teso why now and why in Germany he answers “no one is prophet in his own land and even less on crisis times”. It was precisely this crisis that pushed Hugo to leave Spain and to work and show his theories beyond our borders.
This computer security expert, on his thirties, and commercial pilot for 12 years lives in Berlin where he got a great job opportunity. The company he works for, n.runs Professionals, opened him the doors to show his years of research as speaker in the prestigious event Hack in the Box, celebrated in Amsterdam last April.
Everything normal, just another yearly freaks meeting to share their new hardware and software toys. Just that Teso’s words made the FAA, the BSI, the EASA and almost every big company from the aviation industry blush. This is, Americans among others. And for a good reason.
This hacker born in Barcelona, that is smoking while we talk, announced in Netherlands the huge amount of security issues on modern, and not so modern, aviation related systems. He exposes that, by using an application developed by himself, he could “remotely hijack” an aircraft and partially control its behavior and actions. This expert always talks about virtual environments and never about real aircrafts.
Although repeating that has not been enough to avoid that media from all over the world like CNN, NBC, German tabloid The Bild, The Independent or Forbes Magazine echoed an opinion. And as Hugo Teso has said again and again: “The only way to fall down an aircraft just with and Android device would be if I throw it inside the turbine”.
Even so, the responsible ones to avoid those security issues ran in front of the cameras to deny the spanish, saying that everything is a lie. This behavior surprises everyone that usually flies but Teso doesn’t. If there are issues in an obsolete system, why not to talk to the expert that can help to solve them? Why can’t we fly with more security? Is more dangerous to carry on 100 mililiters of champoo in our dressing case?
But the expert answers. So now what?
My company and I are trying to arrange an agreement with the companies to start working on resolve the issues found.
Could you tell me which companies you are talking with?
We are in touch with every company and agency that was interested in my research. We keep our doors open to everybody.
Do you think you have convinced every journalist that introduce you as the hacker able to hijack aircrafts from ground?
They are wrong because they say I could do it ‘only’ with an application in an Android device.
Do you have the tools?
Then, could you do it?
Without going into technical details, I demonstrated that real aircrafts have security issues but in a way that the tools I have can’t be used against them. It may sound contradictory but, if you study the technical details, you will be able to understand it.
Last week you were to Frakfurt where you met with ZDF, German public television. Did you feel differences in treatment by German media?
Not in treatment but in the approach.
They don’t go after the scoop but the facts, with some sensationalism but keeping the truth.
What do you thing about how some media tried to face you against other parties involved?
That was predictable but I have no intention to play that game because my target is working together, not fight.
What would you say to those who have been quick to disavow you?
They are two groups that contradict me: in the one hand, big companies that don’t disavow me but we say the same thing. Media have written whatever they want to. Agencies disavow them, not me. In the second hand, the others experts criticize me based in what they read in the media. I agree because media wrote things I never said.
Are you afraid (of those people/agencies)?
No, no, no. We are working with the agencies to solve the issues. There is a dialogue with the audience, and media are necessary to reclaim attention to work with the agencies. Although I understand the technical issues media did when they tried to broadcast to the audience.
Aircraft security is always a theme to take care with, even more since September 11th attacks. Have you received any mention due to this event?
Yes, doing speculations to this and any incident from the last decade was inevitable, like for instance the Air France accident.
Hack in the Box is not your first conference talk. Why didn’t you show what you know before?
I showed a part of my research in private conferences because it was not ready for the audience yet. Besides I already couldn’t contact to aviation industry. That’s why it wouldn’t had been responsible to release this information. Although there is people that has known about my research for three years, that didn’t interested them till now, after HITB.
So, now that you have the media and ‘the men in black’ attention, what’s the next step?
Just waiting media forget me and take advantage of those companies attention to keep in touch with them and collaborate to resolve the issues I found, the first target from the beginning.