Slashdot Mirror


Researcher Finds Security Holes In FAA's New Flight Control System

gManZboy writes "A key component of the FAA's emerging 'Next Gen' air traffic control system is fundamentally insecure and ripe for manipulation and attack, security researcher Andrei Costin said in a presentation Wednesday at Black Hat 2012. Costin outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports. Among the threats to ADS-B: The system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said. There's also no mechanism in ADS-B for encrypting messages. One example problem related to the lack of encryption: Costin showed a screen capture showing the location of Air Force One — or that someone had spoofed the system."


  1. Misleading title... by Vylen · · Score: 5, Informative

    An air traffic control system is not a flight control system. Flight control systems in the aviation world relate to things that control the ailerons, elevators and rudders on an aircraft. ATC systems may provide inputs into an FCS when in autopilot but it is an external input.

    1. Re:Misleading title... by d3ac0n · · Score: 2, Informative

      True, but since ATC's DO provide info to FCS's, and since most commercial flights are nowadays operated almost entirely by FCS except during takeoff and landing, the potential for extreme mischief exists in the form of making airplanes "disappear" and then redirecting them to random (or attacker chosen) destinations, causing mid-air collisions, or any other kind of bad behavior that could be done by causing traffic control confusion.

      Of course, there is still the pilot onboard to correct ftc errors (if noticed) and there is always the Automatic direction finder (ADF), inertial navigation, compasses, radar navigation, VHF omnidirectional range (VOR) and GNSS. So it's not as though the pilots are at a loss for ways to find the correct airport. But still, with a compromised ATC system, you would have an increasingly dangerous situation, particularly near airports and on the ground. Runway collisions become ever more likely the longer a compromise situation exists.

      Makes me glad I've given up flying (until the TSA is disbanded, anyway) if the FAA is this incompetent when picking such crucial systems. (This is, of course, the fatal flaw of top-down "command" style government systems. If the people managing the system are incompetent, then the whole system collapses. And the chances for incompetent management are always equal to one.)

      --
      Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
    2. Re:Misleading title... by Anonymous Coward · · Score: 5, Insightful

      > True, but since ATC's DO provide info to FCS's,

      No they don't. Period. ATC NEVER provides direct control to planes. PILOTS provide information to FCS, which may or may not be provided via ATC, which may or may not be at least partially based on ADS. It's also worth noting that ADS is not intended to replace radar in high traffic areas, which are in fact the areas most likely targeted for tomfoolery.

    3. Re:Misleading title... by bobbied · · Score: 2

      Actually, the PILOTS control the aircraft and have the *FINAL* decision about flying the aircraft. Compliance with Air Traffic Control instructions is legally required in some instances but there are exceptions. If the pilot determines that following the instruction would be impossible, unsafe or beyond the capabilities of the aircraft, he can refuse. Of course, the FAA can fine and take your license away once you get on the ground if they don't agree with you.

      If a pilot chooses to disobey, he had better do two things. 1. Communicate with ATC about what he is refusing or unable to do, 2. Be ready to defend the decision if the FAA chooses to take issue. But the PIC (pilot in command) really has the final say, which is as it should be because he has the most to lose and has the best information about the current capabilities of his aircraft.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Misleading title... by sHORTYWZ · · Score: 4, Informative

      > True, but since ATC's DO provide info to FCS's

      As an Air Traffic Controller with both the Army and at one of the largest airports in the midwest, I'm sorry to say, but this post couldn't be any more distant from the truth. We provide absolutely no information to the FCS on aircraft and at no point does our hardware communicate anything to the aircraft. We receive information from aircraft and that is it.

      All navigation on the aircraft is done by completely internal equipment that the pilot can override at any point.

      Air Traffic Controllers (the people) issue instructions, which the pilots are obligated to obey, but in the case that they believe an instruction from ATC is unsafe, they have the final say (and will ultimately be liable for the choice, but that's another matter).

      > Runway collisions become ever more likely the longer a compromise situation exists.

      Runway collisions? Ground control is done via visual observation from the tower by a human being. Also, the pilots have windows which they can see out of. Yes, there are radar systems on the ground to back up some areas that are harder to see on large airfields, but visual control is still the primary method of control on the ground.

  2. Solutions are there, but not being used by nten · · Score: 4, Informative

    WAM can ameliorate the injection problem the TFA mentions (they could still lie but it won't matter), but it requires more hardware and communications equipment. The US is the last to jump on board with wholesale ADS-B adoption so these problems are more than just hypothetical. You can see the passive aspect of the article at work here. Planefinder is a central repository where people with software defined radios configured to listen to ADS-B dump their output.

    --
    refactor the law, its bloated, confusing and unmaintainable.
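
Added example, not part of the thread and not code from any WAM product: a sketch of the multilateration cross-check behind the WAM point in the comment above. Ground receivers compare the time differences of arrival of one message with the differences implied by the position the message claims. The receiver layout, coordinates, timing jitter and 300 m tolerance are constructed assumptions.

```python
import math
from itertools import combinations

C = 299_792_458.0  # speed of light, m/s

# Constructed ground receiver sites, local x/y/z in metres (assumption).
RECEIVERS = {
    "rx_a": (0.0, 0.0, 0.0),
    "rx_b": (40_000.0, 0.0, 0.0),
    "rx_c": (0.0, 40_000.0, 0.0),
    "rx_d": (40_000.0, 40_000.0, 100.0),
}

def arrival_times(emitter, t_tx=0.0, jitter=None):
    """Time of arrival per receiver for one message sent from `emitter`.
    `jitter` optionally maps receiver name -> clock error in seconds."""
    jitter = jitter or {}
    return {name: t_tx + math.dist(emitter, pos) / C + jitter.get(name, 0.0)
            for name, pos in RECEIVERS.items()}

def tdoa_residual_m(claimed, toa):
    """Worst mismatch (metres) between measured range differences and the
    ones the claimed position implies. The unknown transmit time cancels
    because only differences between receivers are used."""
    worst = 0.0
    for a, b in combinations(sorted(toa), 2):
        measured = (toa[a] - toa[b]) * C
        expected = (math.dist(claimed, RECEIVERS[a])
                    - math.dist(claimed, RECEIVERS[b]))
        worst = max(worst, abs(measured - expected))
    return worst

def is_consistent(claimed, toa, tolerance_m=300.0):
    """True when the claimed position fits where the signal came from."""
    return tdoa_residual_m(claimed, toa) <= tolerance_m

# Constructed sample data.
CLAIMED = (25_000.0, 15_000.0, 10_000.0)       # position in the message
GROUND_EMITTER = (5_000.0, 30_000.0, 0.0)      # where a false report is sent from
# Real aircraft: transmits from the position it reports, 100 ns clock error at rx_b.
GENUINE_TOA = arrival_times(CLAIMED, t_tx=12.5, jitter={"rx_b": 100e-9})
# Injected message: same claimed position, different physical origin.
INJECTED_TOA = arrival_times(GROUND_EMITTER, t_tx=12.5)

if __name__ == "__main__":
    for label, toa in (("genuine", GENUINE_TOA), ("injected", INJECTED_TOA)):
        print(label, round(tdoa_residual_m(CLAIMED, toa)), "m",
              "accept" if is_consistent(CLAIMED, toa) else "flag")
```

The message content is never trusted on its own here: the injected report is flagged because its arrival pattern points to a different origin than the position it states.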
  3. two very different concerns by Trepidity · · Score: 4, Informative

    The public being able to track planes by listening in on their communications, which may indeed have privacy implications, has been the status quo for years. You can find all sorts of online sites with those kinds of maps (example). Maybe that should or shouldn't be the case, but I think it's fair to say it's the current expected case: if you're flying in a plane, your location is public knowledge to anyone within range of your transmissions who cares to listen to them.

    Now being able to inject bogus messages, that's a completely different kind of security problem.

    1. Re:two very different concerns by capedgirardeau · · Score: 5, Insightful

      There is a reason this info is not encrypted: People need to know where airplanes are in the sky, especially other planes, including private aircraft.

      You don't really want airplanes' location in the sky to be a secret or you literally run into serious trouble.

      --
      Wax on, wax off baby!
  4. SETEC ASTRONOMY box by Joe_Dragon · · Score: 3, Interesting

    So now I don't need the SETEC ASTRONOMY box to get into the radar system.

    1. Re:SETEC ASTRONOMY box by wonkey_monkey · · Score: 2

      +1 Early 90s cult spy movie reference
      -1 Made me feel old

      --
      systemd is Roko's Basilisk.
  5. Really? by Anonymous Coward · · Score: 5, Informative

    Posting AC, I work on ATC software.

    Perhaps I'm being naive, but I'm not entirely sure where the threat is here. ATC systems work with flight plans, so if someone is spoofing ADS-B tracks and generating multiple tracks, we're generally going to associate the track that most closely matches the predicted position of the plane; most likely the real one. More importantly, ATC systems factor in more than one type of surveillance source, most places with ADS-B will have RADAR coverage. Once you factor in secondary RADAR (even if it's slower and less reliable), you're going to need a whole other aircraft to spoof another one since it's looking for actual aircraft, not just messages from ground stations.

    I'm pretty new to the field, but these threats seem exactly as described, theoretical.

  6. coverage by nten · · Score: 2

    Will we keep RADAR coverage? Some of the magazines I've read indicate that as the ADS-B transition continues that RADAR coverage will be phased out. Maybe they only meant the secondary RADARs and not the primary, but that is not how the articles read. If that becomes the case, then assuming the dot closest to the flight plan is the real one, could be an error.

    --
    refactor the law, its bloated, confusing and unmaintainable.
  7. Re:Air Force One by Thundaaa+Struk · · Score: 2

    If Air Force One showed up on radar near a golf course, you can bet your arse it ain't no spoof buddy.