There is a new air traffic control technology under development for deployment all over the world, but according to a security researcher, the new system can be manipulated. Anyone with a few hundred dollars can hack the system, according to Andrei Costin, a Ph.D. candidate at the French security institute Eurecom.
During his talk at the Black Hat security conference last Thursday, Costin outlined the issues with the new system, stating that hackers can spoof planes out of thin air. The new system, called Automatic Dependent Surveillance-Broadcast (ADS-B), uses GPS to continuously broadcast the locations of planes. Other aircraft and ground stations receive the signals, but the signals are not encrypted or authenticated. The current system already allows a person with the right equipment to track planes in the sky, but the new system allows fabricating fake signals that are indistinguishable from real ones.
Although fake signals can be checked against conventional radar systems and a database of flight plans, the system becomes seriously unsafe when hundreds or thousands of signals are injected, much like a denial-of-service attack, Costin says. It's impossible to check thousands of signals for authenticity.
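The cross-check described above can be sketched as a receiver-side filter. This is an added example, not code from Costin's talk or from any air traffic control system: the record shapes, the 5 km matching radius, the review capacity and all sample values are constructed assumptions.

```python
import math
from collections import namedtuple

# Constructed record shapes for this example, not a real ADS-B or radar feed format.
AdsbReport = namedtuple("AdsbReport", "icao lat lon")   # icao: 24-bit aircraft address
RadarTrack = namedtuple("RadarTrack", "lat lon")

def distance_km(a, b):
    """Great-circle (haversine) distance between two lat/lon records, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def classify(reports, radar_tracks, filed_icaos, max_km=5.0):
    """Label each report by how many independent sources back it up."""
    unused = list(radar_tracks)   # one radar return may vouch for one aircraft only
    labels = []
    for rep in reports:
        nearest = min(unused, key=lambda t: distance_km(rep, t), default=None)
        on_radar = nearest is not None and distance_km(rep, nearest) <= max_km
        if on_radar:
            unused.remove(nearest)
        has_plan = rep.icao in filed_icaos
        if on_radar and has_plan:
            label = "corroborated"
        elif on_radar or has_plan:
            label = "partial"
        else:
            label = "uncorroborated"
        labels.append((rep.icao, label))
    return labels

def review_backlog(labels, capacity):
    """Uncorroborated reports beyond what can be checked by hand in one sweep."""
    pending = sum(1 for _, label in labels if label == "uncorroborated")
    return max(0, pending - capacity)

# Constructed sample data: two radar returns, one filed flight plan, three reports.
RADAR = [RadarTrack(43.61, 7.01), RadarTrack(43.90, 7.52)]
PLANS = {"4CA1F2"}
REPORTS = [AdsbReport("4CA1F2", 43.60, 7.00),
           AdsbReport("3C6444", 43.90, 7.50),
           AdsbReport("ABCDEF", 44.20, 6.80)]

if __name__ == "__main__":
    for icao, label in classify(REPORTS, RADAR, PLANS):
        print(icao, label)
```

With a handful of reports the uncorroborated ones are easy to follow up; when the backlog returned by `review_backlog` runs into the hundreds, the manual check is the part that stops scaling.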
According to a spokesperson for the Federal Aviation Administration, "The FAA has a thorough process in place to identify and mitigate possible risks to ADS-B, such as intentional jamming." For example, the FAA plans on keeping half of the old systems in place. However, Costin feels that the problem has to be addressed, since the tools to exploit ADS-B are becoming cheaper and more accessible, with the software-defined radio called Phi ($750) as an example. In 2020, when the U.S. requires the majority of aircraft to be equipped with ADS-B, software-defined radios will be many levels more advanced, he says. "This isn’t going away."