Pilot Apps Are Vulnerable to Hacking: UC San Diego Study

Researchers: Common devices used by casual pilots could give hackers access to information the pilot sees, such as location or airspace restrictions

Inexpensive wireless devices used by private pilots for GPS, weather information and more are susceptible to hacking or spoofing, which could lead to catastrophic outcomes, a team of researchers recently revealed.

Computer scientists at the University of California, San Diego and Johns Hopkins University presented their findings Nov. 5 at a conference in Arizona to increase awareness among pilots who use the devices.

They looked at three combinations of devices and apps most commonly used by private pilots:

  • Appareo Stratus 2 receiver with the ForeFlight app (one of the top-grossing apps)
  • Garmin GDL 39 receiver with the Garmin Pilot app
  • SageTech Clarity CL01 with the WingX Pro7 app

Each combination uses a tablet to display information such as an aircraft’s location, data on nearby aircraft, weather or airspace restrictions, according to the team.

In all three, researchers were able to tamper with the connection between receiver and tablet, effectively giving a hacker full control over safety-critical real-time information shown to the pilot, they said.

In two of the combinations, an attacker would be able to completely replace the firmware, which is home to the programs controlling the devices, according to a UC San Diego news release.

“When you attack these devices, you don’t have control over the aircraft, but you have control over the information the pilot sees,” Kirill Levchenko, a computer scientist at the Jacobs School of Engineering at UC San Diego, said in the university’s news release.

Researchers say the FAA does not regulate the systems because they are not an integral part of the aircraft.

The findings were presented at the 21st ACM Conference on Computer and Communications Security in Scottsdale, Ariz.

NBC 7 reached out to the manufacturers of the apps tested to get their response to the findings and received no response.

Read more on what researchers found and their suggestions for making the systems more secure here.
