Andrei Costin and Dustin Hoffman are planning to present their findings at the Black Hat and Defcon conferences and the highlight of their talks is going to be ADS-B that will be implemented in US by 2020.
What is ADB-S? It is a technology that promises to make air traffic control a lot cheaper, easier and safer as it doesn’t depend on radars for tracking but, allows planes to send out their locations through radio frequency communications.
Both the researchers claim that ADS-B lacks the necessary encryption to keep communications private and also doesn’t have the necessary authentication system in place to prevent spoofed communications.
What are the implications? The air traffic control wouldn’t be able to differentiate the real one from the fake ones allowing the possibility of not only spoofed message to be sent across but, even the possibility of imitating entire planes with tools that are easy and cheap to procure.
Andrei Costin is a Ph.D. candidate at the French security institute Eurecom and is planning to give a talk at Black Hat. According to Costin, “It’s practically possible for a medium-technical savvy person to mount an attack and impersonate a plane that’s not there”, notes Forbes.
According to Costin, even a not-so tech savvy individual can use software-defined radio, a PC-based receiver and transmitter can create spoofed messages such that it alerts a tower or a plane about an oncoming jet that actually doesn’t exist.
Costin reached out to FAA for comments and the reply was as below:
“The FAA has a thorough process in place to identify and mitigate possible risks to ADS-B, such as intentional jamming, ”and “ conducts ongoing assessments of ADS-B signal vulnerabilities. The contract for the ADS-B ground station network requires continual independent validation of the accuracy and reliability of ADS-B and aircraft avionics signals. An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and are not publicly available.”
FAA’s response might not be too comforting but there was one aspect in its statement about “redundancies to ensure safe operations.” By this FAA meant that it was going to utilize its current radar base systems as back-up to the ADS-B.
Dustin Hoffman the second researcher, a pilot as well, is planning to talk on air traffic control privacy at Defcon makes a point by saying that if a pilot suddenly gets message that another jet was half a mile away, he/she may very well panic and lose his/her cool.
“If a pilot sees a plane suddenly coming at him from half a mile away, he might yank the hell out of the yoke before looking out the window. Or he could cause the plane to dive erratically and without warning,” said Hoffman.
This is not the first instance when such a research has been carried out. Previous year saw such attempts from a group of Air Force analysts with their findings narrated in “International Journal of Critical Infrastructure Protection”.