In the morning, the European Aviation Safety Agency (AESE) announced the possibility of carrying a cyberattack on an airplane. Employed by the agency, the expert was able to deceive the “Aircraft Communications Addressing and Reporting System” (ACARS), used to send text messages between aircraft and ground stations (eg airports). The vulnerability in the ACARS system was first reported by Hugo Teso in 2013, at the Hack In The Box conference on IT security, but it is only now speaking so loudly.
The weak side of ACARS is the lack of verification of data packets sent from ground stations to airplanes. For this reason it is possible to deceive this mechanism by inserting a new data packet between the information sent to the aircraft. So theoretically, potential attackers can influence the pilot’s decision to change course, sending a fake storm message to the plane. A similar mechanism could be used to fool the GPS system to misinterpret the location of an aircraft.