New air traffic control technology under fire for security weakness



 

There is a new air traffic control technology under development for deployment all over the world, but according to a security researcher, the new system can be manipulated. Anyone with a few hundred dollars can hack the system, according to Andrei Costin, a Ph.D. candidate at the French security institute Eurecom.

During his talk at the Black Hat security conference last Thursday, Costin outlined the issues of the new system, stating that hackers can spoof planes out of thin air. The new system called Automatic Dependent Surveillance-Broadcast (ADS-B) uses GPS to continuously broadcast the locations of planes. Other aircrafts and ground station receive the signals, but the signals are not encrypted or authenticated. The current system already allows a person with the right equipment to track planes in the sky, but the new system allows fabricating fake signals that are indistinguishable from real ones.

Although fake signals can be checked against conventional radar systems and a database of flight plans, the system becomes seriously unsafe when hundreds or thousands signals are injected, much like a denial-of-service attack, Costin says. It's impossible to check thousands of signals for authenticity.

According to a spokesperson of the Federal Aviation Administration, "The FAA has a thorough process in place to identify and mitigate possible risks to ADS-B, such as intentional jamming." For example, the FAA plans on keeping half of the old systems in place. However, Costin feels that the problem has to be addressed, since the tools to exploit ADS-B are becoming cheaper and more accessible, with the software-defined radio called Phi ($750) as an example. In 2020, when the U.S. requires the majority of the aircraft to be equipped with ADS-B, software-defined radios will be many levels more advanced, he says. "This isn’t going away."

Source: Forbes | Image via airport-technology.com

Report a problem with article
Previous Story

Germany bans Motorola Android phones due to Microsoft patent

Next Story

Captain Obvious: Microsoft says Surface will compete with other Windows 8 tablets

14 Comments

SuperKid said,
No encryption? No authentication? Not very secure then.

Keep in mind that they may have been working within certain processing, time-critical or cost constraints . But it also may be true that this is simply an oversight.

EDIT: Also, don't forget that while consumer electronics have lots of processing power at a low cost, these are certainly not the types that can be used in such critical environments.

The extra time required to decrypt the signal would be totally insignificant for hardware even made 10 years ago.

The cost would be considerably less than say crashing a 747 for example.

Generally these systems use very similar hardware to normal consumer stuff, they get their reliability from redundancy.

And history repeats it self, tight budget would caused the "half of the old system" to be phased out before this is fixed due to budget cuts and rely on system with known flaw.

All this talk of security problems is so inconvenient. And it would mean people will have to answer hard questions. Its far easier to pass a law to ban hacking into air traffic wireless control systems than actually fix the problem.

Edited by TrekRich, Jul 27 2012, 6:24pm :

TrekRich said,
All this talk of security problems is so inconvenient. And it would mean people will have to answer hard questions. Its far easier to pass a law to ban hacking into air traffic wireless control systems than actually fix the problem.

until some one abuse it for causing massive deaths and terror; and then who's to blame? the security fault? the researcher? the FDA?

GPS signals are also not encrypted and since they're so weak due to the satellites being in space, much easier to spoof.

Also ADS-B is used in combination with a GPS receiver that's WAAS enabled. So basically the GPS information comes from satellites and then is further augmented by a ground station to make sure the information received is accurate and reliable.

It's also already in use in certain countries (australia for one) and pretty much every single commercial carrier also uses it. The only thing required by 2020 is most planes to have it installed (most new GA aircraft with glass cockpits already have it).

Ridiculous, safety is absolutely paramount in commercial aviation. If they can't provide a secure product the contract should be taken elsewhere

Javik said,
Ridiculous, safety is absolutely paramount in commercial aviation. If they can't provide a secure product the contract should be taken elsewhere

The problem is for the past couple of years the FAA has been running on an extremely tight budget.

Things that should have been implemented weren't, hell most of the ATC technology is straight out from like the 1990s. The FAA simply just doesn't have the funds it needs to do anything but run from day to day. But its ok, as long as the department of defense keeps getting checks to keep paying for the F-35 and other projects that should have been cancelled a long time ago since they went wayyyyy over their budgets, everything is good.

How is the obvious not taken into account when designing this system ?

Can i do better ?

Maybe..
I tell ya all one thing i sure hell wouldn't have a full planet full of aircraft dependent
on one or more gps satellites when its a widely known common fact that they are going to be knocked out.
This could happen rapidly in a couple hours time and combined with other
already existing gps and electronic related vulnerabilities this could be cataclysmic !

Nobody ever hear of a solar flare before or a CME ?
You know like the one that knocked power out in Canada in 1989.
Six million people were left without power for nine hours, with significant economic loss.
Head Nasa scientists have stated publicly that this issue is an extreme threat and it WILL become a serious problem anytime with almost no warning at all..
And gps satellites are far more vulnerable than anything on earth..

nothing but a continued string of Foolishness
And i really don't look forward to when most if not all power is cut off
for an extended period of time, most likely plunging societies in anarchy.

WTF is with people that they think stuff like this is some kind of scy fi entertainment
and they can just laugh it off and pretend everything is fine.

I'm surprised this wasn't mentioned yet, i seen the word GPS and i thought uh oh..

we're screwed already and morons just keep digging the hole deeper !
lets give our selves a big pat on the back for being so smart lol

I am Not PCyr said,
lots of garble

I think you need to actually go into the cockpit of a plane and see what instruments they have, GPS is just a toy compared to what the pilots are trained to use.

Commenting is disabled on this article.