Vulnerable ADS-B Air Traffic System is Hackable

The global air traffic management industry is vulnerable and hackers could exploit it, according to data released on 26 July 2012. Its vulnerabilities, said security researcher Andrei Costin, could let through cyber attacks that disturb standard air traffic control procedures.

Costin's presentation occurred at a cyber conference held in Las Vegas and centred on how anybody reasonably PC-literate and equipped with approximately $2,000 worth of electronic equipment could give airport ATC workers a real problem. He stressed, however, that his findings were being presented "for information only."

Costin honed in on the ADS-B (Automatic Dependent Surveillance Broadcast) technology - one element of the NextGen (Next-Generation Air Transportation System) programme. ADS-B is ultimately set to replace radar-based aircraft tracking technologies at airports around the world. Within US airspace, it will be compulsory for all commercial aircraft to be ADS-B compatible by 2020 and the system has several benefits, giving commercial pilots increased situational awareness and lowering air travel pollution levels to boot.

Hackable Air Traffic System

However, according to Costin, ADS-B doesn't include a feature that actually checks-out the message source. This, potentially, makes ADS-B a hackable air traffic system.

"There is no provision to make sure a message is genuine," he stressed. "It is basically an inviting opportunity for any attacker with medium technical knowledge." He added: "Imagine you inject a million planes; you don't have that many people to cross-check. You can do a human resource version of a denial of service attack on an airport."

He illustrated his point by demonstrating how a colleague had been able to identify an aircraft that was broadcasting Air Force One's call-sign and then, by using an iPad, work out its heading.

ADS-B Vulnerabilities

"It can be a very profitable business model for criminals to invest a small amount of money in radios, place them around the world", he said, concluding his ADS-B vulnerabilities presentation. "If it were Air Force One, why does Air Force One show itself? It is a very high profile target and you don't want everyone to know it is flying over your house."

‘The FAA plans to maintain about half of the current network of secondary radars as a backup to ADS-B in the unlikely event it is needed', the US Federal Aviation Administration said, in a statement. ‘An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and are not publicly available.'

ATC image copyright FAA - Courtesy Wikimedia Commons