Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Finds Security Holes In FAA's New Flight Control System

Posted by samzenpus on from the blue-screen-and-sky dept.

gManZboy writes "A key component of the FAA's emerging 'Next Gen' air traffic control system is fundamentally insecure and ripe for manipulation and attack, security researcher Andrei Costin said in a presentation Wednesday at Black Hat 2012. Costin outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports. Among the threats to ADS-B: The system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said. There's also no mechanism in ADS-B for encrypting messages. One example problem related to the lack of encryption: Costin showed a screen capture showing the location of Air Force One — or that someone had spoofed the system."

7 of 60 comments (clear)

  1. Misleading title... by Vylen · · Score: 5, Informative

    An air traffic control system is not a flight control system. Flight control systems in the aviation world relate to things that control the ailerons, elevators and rudders on an aircraft. ATC systems may provide inputs into an FCS when in autopilot but it is an external input.

    1. Re:Misleading title... by d3ac0n · · Score: 2, Informative

      True, but since ATC's DO provide info to FCS's, and since most commercial flights are nowadays operated almost entirely by FCS except during takeoff and landing, the potential for extreme mischief exists in the form of making airplanes "disappear" and then redirecting them to random (or attacker chosen) destinations, causing mid-air collisions, or any other kind of bad behavior that could be done by causing traffic control confusion.

      Of course, there is still the pilot onboard to correct ftc errors (if noticed) and there is always the Automatic direction finder (ADF), inertial navigation, compasses, radar navigation, VHF omnidirectional range (VOR) and GNSS. So it's not as though the pilots are at a loss for ways to find the correct airport. But still, with a compromised ATC system, you would have an increasingly dangerous situation, particularly near airports and on the ground. Runway collisions become ever more likely the longer a compromise situation exists.

      Makes me glad I've given up flying (until the TSA is disbanded, anyway) if the FAA is this incompetent when picking such crucial systems. (This is, of course, the fatal flaw of top-down "command" style government systems. If the people managing the system are incompetent, then the whole system collapses. And the chances for incompetent management are always equal to one.)

      --
      Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
    2. Re:Misleading title... by Anonymous Coward · · Score: 1, Informative

      > What happens to the system when it displays planes that are not there?

      If it doesn't have a flight plan, or is squawking a code not assigned by ATC, then they know something weird is going on. Maybe we lose the use of a little airspace, since ATC will probably not allow other airplanes to fly into conflict with the ghost plane. Maybe fighters are scrambled

      > Or conceals planes that are?

      Flyway 70 heavy, negative radar contact. Resume standard position reporting.

    3. Re:Misleading title... by sHORTYWZ · · Score: 4, Informative

      True, but since ATC's DO provide info to FCS's

      As an Air Traffic Controller with both the Army and at one of the largest airports in the midwest, I'm sorry to say, but this post couldn't be any more distant from the truth. We provide absolutely no information to the FCS on aircraft and at no point does our hardware communicate anything to the aircraft. We receive information from aircraft and that is it.

      All navigation on the aircraft is done by completely internal equipment that the pilot can override at any point.

      Air Traffic Controllers (the people) issue instructions, which the pilots are obligated to obey, but in the case that they believe an instruction from ATC is unsafe, they have the final say (and will ultimately be liable for the choice, but that's another matter).

      Runway collisions become ever more likely the longer a compromise situation exists.

      Runway collisions? Ground control is done via visual observation from the tower by a human being. Also, the pilots have windows which they can see out of. Yes, there are radar systems on the ground to back up some areas that are harder to see on large airfields, but visual control is still the primary method of control on the ground.

  2. Solutions are there, but not being used by nten · · Score: 4, Informative

    WAM can ameliorate the injection problem the TFA mentions (they could still lie but it won't matter), but it requires more hardware and communications equipment. The US is the last to jump on board with wholescale ADS-B adoption so these problems are more than just hypothetical. You can see the passive aspect of the article at work here. Planefinder is a central repository where people with software defined radios configured to listen to ADS-B dump their output.

    --
    refactor the law, its bloated, confusing and unmaintainable.
  3. two very different concerns by Trepidity · · Score: 4, Informative

    The public being able to track planes by listening in on their communications, which may indeed have privacy implications, has been the status quo for years. You can find all sorts of online sites with those kinds of maps (example). Maybe that should or shouldn't be the case, but I think it's fair to say it's the current expected case: if you're flying in a plane, your location is public knowledge to anyone within range of your transmissions who cares to listen to them.

    Now being able to inject bogus messages, that's a completely different kind of security problem.

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  4. Really? by Anonymous Coward · · Score: 5, Informative

    Posting AC, I work on ATC software.

    Perhaps I'm being naive, but I'm not entirely sure where the threat is here. ATC systems work with flight plans, so if someone is spoofing an ADS-B tracks and generating multiple tracks, we're generally going associate the track that most closely matches the predicted position of the place; most likely the real one. More importantly, ATC systems factor in more than one type of surveillance source, most places with ADS-B will have RADAR coverage. Once you factor in secondary RADAR (even if it's slower and less reliable), you're going to need a whole other aircraft to spoof another one since it's looking for actual aircraft, not just messages from ground stations.

    I'm pretty new to the field, but these threats seem exactly as described, theoretical.