CVE-2026-26741

PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state after landing and before the automatic disarm triggered by the COMDISARMLAND parameter, the system lacks a thrott...

Cockpit door lock auto-unlock is no surprise

TL;DR Through reverse engineering a cockpit door lock controller several years ago, we’ve known about the auto-unlatch issue We couldn’t publish owing to the risk to flight safety, even though some airplane type manuals already described the behaviour in a depressurisation event Now that the Alas...

Vulnerability disclosure in aviation

We joined Boeing and United Airlines on a panel recently at the RSA Conference to talk about vulnerability disclosure in the aviation world. The engagement we are now seeing between researchers and industry is a powerful force for positive change. Hopefully this will start to reduce the number of...

EFB vulnerability in Lufthansa’s Lido eRouteManual

Almost all commercial airlines now use electronic flight bags EFBs to drive efficiency and safety in their operations. We’ve been testing the security of EFBs and their apps, here’s our latest findings. TL;DR Many airlines use Lufthansa Systems Lido eRoute Manual for their EFB approach plates. We...

DEF CON 30. Hacking EFBs. Engine Performance

At DEF CON 30 this year we demonstrated some vulnerabilities in electronic flight bags and the potential impact on flight safety. There’s plenty more detail of EFB security issues here. As part of the Aerospace Village at DEF CON 30, we invited people to fly our flight sim under instruction from...

EFB Tampering 3. Take-off pt1

Take-off Performance Part 1: Introduction, Thrust & Speeds TL;DR Take-off performance applications perform calculations to provide critical take-off performance data to pilots e.g. thrust/trim/flap setting for take-off Modifying any one of these could have severe consequences. For example, an...

DJI Launches Drone Bug Bounty Program

The lack of security in commercial drones has been well documented, but one Chinese manufacturer is working to fix that by incentivizing researchers who can poke holes in the software its drones run on. One of the largest unmanned aerial vehicle manufacturers, Dà-Jiāng Innovations Science and...

Hackers Probably Can't Hijack an Airplane with Software

An alarming dispatch from the Hack In The Box security conference in Amsterdam arrived on Wednesday: a hacker says he's found a way to take over airplane controls. That's probably not true. At least according to the Federal Aviation Administration FAA, the European Aviation Safety Administration...