From Forbes: Next-Gen Air Traffic Control Vulnerable To Hackers Spoofing Planes Out Of Thin Air
By 2020, a new system known as Automatic Dependent Surveillance-Broadcast, or ADS-B, will be required as the primary mode of aircraft tracking and control for commercial aircraft in the U.S., and earlier in other countries such as Australia. And both researchers say that ADS-B lacks both the encryption necessary to keep those communications private and the authentication necessary to prevent spoofed communications from mixing with real ones, potentially allowing hackers to fabricate messages and even entire aircraft with radio tools that are cheaper and more accessible than ever before.
“Anyone can technically transmit these messages,” says Andrei Costin, a Ph.D. candidate at the French security institute Eurecom who plans to give a talk called “Ghosts In The Air (Traffic)” at Black Hat. “It’s practically possible for a medium-technical savvy person to mount an attack and impersonate a plane that’s not there.”
ADS-B promises to make air traffic control easier, cheaper and in many ways safer by allowing planes to transmit their locations by radio frequency instead of depending on towers to use radar to track and coordinate them. But without encryption or authentication, ADS-B both exposes flyers to more potential tracking and fails to provide a trusted authority for planes’ location to the same degree as radar, says Costin.
Anyone with a radio tuned to the system’s 1090 megahertz frequency can listen in and track planes. That’s a notion that may disturb some privacy-conscious flyers, but it’s hardly a new phenomenon—sites and apps like FlightAware and PlaneTracker already make that data available from the FAA’s databases.
More troubling is the ability to fabricate fake signals that are indistinguishable from real ones. Using a software-defined radio, a PC-based receiver and transmitter that’s far more versatile than the average consumer radio, anyone from a prankster to a determined attacker could create a message alerting a tower or a plane to an oncoming jet that doesn’t exist.
“This is the most important problem,” says Costin. “You can put out a method that looks valid in the ether, and they can’t verify whether it’s real or malicious.”
But the trick could be scaled up to hundreds or thousands of fake signals, much like a denial-of-service attack that uses thousands of computers to choke a website with a flood of fraudulent requests for information, Costin says.
Perhaps the most comforting part of the FAA’s response was its assurance of “redundancies to ensure safe operations.” The agency says it plans to maintain half its current network of radar systems “as a backup to ADS-B in the unlikely event it is needed.”
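The article makes two points a receiver-side defender can act on: an unauthenticated ADS-B message cannot be verified on its own, and a flood of fabricated aircraft looks different from normal traffic. The following is an added illustration, not code from the article, from Costin’s research, or from any real air-traffic system. It shows the kind of plausibility check the FAA’s radar backup makes possible: an ADS-B track that no independent radar return ever corroborates is flagged as a candidate ghost, and a burst of never-before-seen aircraft addresses is flagged as a possible flood. The flat local grid in nautical miles, the distance and time thresholds, the record formats, and all sample reports are constructed assumptions for this example.

```python
"""Defender-side plausibility checks for ADS-B position reports.

Added illustration: a receiver cannot authenticate an ADS-B message, so
each reported track is corroborated against an independent sensor (the
radar backup the FAA describes), and bursts of previously unseen aircraft
are flagged. Formats, thresholds and sample data are constructed here.
"""
from collections import defaultdict
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class AdsbReport:
    icao: str      # 24-bit aircraft address as hex text (constructed values)
    x_nm: float    # position on a flat local grid, nautical miles (assumption)
    y_nm: float
    t_s: float     # receive time in seconds


@dataclass(frozen=True)
class RadarReturn:
    x_nm: float    # a radar return carries position only, no identity
    y_nm: float
    t_s: float


def corroborated_addresses(reports, returns, max_dist_nm=1.0, max_dt_s=2.0):
    """Addresses with at least one ADS-B report matched by a radar return
    close in both space and time: an independent sensor saw something where
    the message claims an aircraft is. Thresholds are illustrative."""
    seen = set()
    for r in reports:
        if r.icao in seen:
            continue
        for p in returns:
            close_in_time = abs(p.t_s - r.t_s) <= max_dt_s
            close_in_space = hypot(p.x_nm - r.x_nm, p.y_nm - r.y_nm) <= max_dist_nm
            if close_in_time and close_in_space:
                seen.add(r.icao)
                break
    return seen


def ghost_candidates(reports, returns, **thresholds):
    """Addresses reported over ADS-B that no radar return ever corroborates.
    A controller display would mark these as unverified rather than trusted."""
    all_addrs = {r.icao for r in reports}
    return all_addrs - corroborated_addresses(reports, returns, **thresholds)


def flood_windows(reports, window_s=10.0, max_new_addrs=20):
    """Start times of windows in which more than max_new_addrs previously
    unseen addresses first appear. Normal traffic introduces new addresses
    gradually; a burst is the signature of mass-fabricated signals."""
    first_seen = {}
    for r in sorted(reports, key=lambda rep: rep.t_s):
        first_seen.setdefault(r.icao, r.t_s)
    per_window = defaultdict(int)
    for t in first_seen.values():
        per_window[int(t // window_s)] += 1
    return sorted(b * window_s for b, n in per_window.items() if n > max_new_addrs)


# Constructed sample: one aircraft seen by both sensors, one that exists
# only in ADS-B, then 30 fabricated addresses appearing within three seconds.
SAMPLE_REPORTS = [
    AdsbReport("A1B2C3", 10.0, 20.0, 0.0),
    AdsbReport("A1B2C3", 10.6, 20.0, 5.0),
    AdsbReport("D4E5F6", 30.0, 40.0, 1.0),
    AdsbReport("D4E5F6", 30.6, 40.0, 6.0),
] + [AdsbReport(f"F{i:05X}", 50.0 + i, 50.0, 100.0 + i * 0.1) for i in range(30)]

SAMPLE_RETURNS = [
    RadarReturn(10.1, 20.0, 0.5),   # matches A1B2C3's first report
    RadarReturn(10.5, 20.1, 5.4),   # matches A1B2C3's second report
]


if __name__ == "__main__":
    ghosts = ghost_candidates(SAMPLE_REPORTS, SAMPLE_RETURNS)
    print("uncorroborated addresses:", len(ghosts), "e.g.", sorted(ghosts)[:3])
    print("flood windows starting at:", flood_windows(SAMPLE_REPORTS))
```

The two checks are deliberately independent of message contents: corroboration asks whether any other sensor agrees, and the flood check looks only at arrival statistics, so neither depends on the spoofed message being malformed. In practice the thresholds would come from the sensors’ actual accuracy and the site’s normal traffic rather than the constructed values used here.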