Good heavens!  With all this press about ‘ADS-B Security Vulnerabilities’, I’m getting a little nervous about embracing this technology.  After all, why would the press be spending all this time writing about it if it weren’t a big deal.  Here are some of the headlines:

ADS-B Vulnerability Remains a Serious Concern | Aviation
This is an update to Matt Thurber’s article in AIN’s September issue addressing concerns that have been raised about  the security of the ADS-B system

THE SKY IS CALLING, NOT FALLING

Tim Taylor talks about the disturbing news in the past few weeks that make it sound as if the ongoing roll-out of ADS-B and the NextGen airspace system is in imminent peril.  He recommends:

1) Relax, the situation is OK, bordering on “normal.” – The FAA says it has procedures in place to prevent that, and that system security is integral to ADS-B technical specifications. At minimum the subject gets continuous and very careful attention in engineering circles – by people who are at least as smart as the headline makers and who have had more than a decade to consider system security. We are not losing sleep over this.

2) Don’t relax, keep moving, there’s a lot to be done in a short time. – The ADS-B network is already active in most of the country, and towers are being added to complete coverage. The risks cited in the news stories have little if any impact on the current network. Pilots can receive meaningful safety and cost benefits by using ADS-B now. There really is no reason to delay equipping for free data-link weather data at least.

ADS-B Is Insecure and Easily Spoofed, Say Hackers
Aviation International News
Concerns about ADS-B security aren’t new. In a 2009 graduate research project at the Air Force Institute of Technology at Wright-Patterson Air Force Base in Dayton, Ohio, Air Force Major Donald McCallie identified ADS-B vulnerabilities. “As early as

Around the Web – Hackers, FAA Disagree Over ADS-B Vulnerability
The ADS-B system that is the cornerstone of the FAA’s NextGen ATC modernization plan is at risk of serious security breaches, according to Brad Haines…

Hackers, FAA Disagree Over ADS-B Vulnerability (FAA responds)
Aviation International News
by Matt Thurber The FAA said that the ADS-B system is secure and that fake ADS-B targets will be filtered from controllers’ displays. “An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action,” an FAA spokeswoman told AIN.

NextGen Air Traffic Management System at Risk?
Top Secret Writers
ADS-B, or Automatic Dependent Surveillance-Broadcast, is a surveillance technology for tracking aircraft. Most of the aircraft operating within United States airspace will have to be equipped with some form of ADS-B by January 1, 2020. But, that’s not all.

NextGen Air Traffic Control ADS-B flawed – NPR piece on – NZ InfoSec
NextGen Air Traffic Control ADS-B flawed – NPR piece on RenderMan’s DEFCON talk – blog response to this item – Could the New Air Traffic Control System be Hacked?

ADS-B Hackers Pose Possible Threat to NextGen – TV Technology
TVTechnology If you fly as much as I do, this is scary.

Curious hackers inject ghost airplanes into radar, track celebrities’ flights (Computerworld)
Costin wrote, “Our main contribution is twofold – demonstrate the easiness and practicality of such attacks before the ADS-B is 100% deployed and used as primary surveillance technology.”

Air Traffic Controllers Pick the Wrong Week to Quit Using Radar (Wired)

“Costin, a doctoral candidate at Eurecom, says ADS-B is marred by serious security vulnerabilities that would make it possible for someone to spoof a plane and inject false messages into the system, leading air traffic controllers to “see” planes where none exist.”

BeechTalk – BT – ADS-B Security Vulnerabilities

“It’s worse than the article alludes to. The signals wouldn’t come from ATC, they would come from ADS-B enabled TCAS. Pilots are trained to follow TCAS commands without question and time is short when an alert occurs.”

How Much of a Concern Is “Drone Spoofing?” (FOX)

Speaking to lawmakers on Capitol Hill, “Senior national correspondent John Roberts brought you an exclusive report of University of Texas researchers being able to hack into a drone’s GPS system and guide it where to go.”

Researcher: New air traffic control system is hackable (CNN)

“Researcher says the system can be tricked into seeing aircraft that are not actually there. Messages sent using the system are not encrypted or authenticated, meaning anyone with the basic technology and know-how could identify a plane and see its location.”

Next-Gen Air Traffic Control Vulnerable To Hackers Spoofing Planes Out Of Thin Air (Forbes)

“Researchers say that ADS-B lacks both the encryption necessary to keep those communications private and the authentication necessary to prevent spoofed communications from mixing with real ones, potentially allowing hackers to fabricate messages and even entire aircraft with radio tools that are cheaper and more accessible than ever before.”

FAA’s New Flight Control System Has Security Holes: Researcher (InformationWeek)

“Among the threats to ADS-B is that the system lacks a capability for message authentication. “Any attacker can pretend to be an aircraft” by injecting a message into the system, Costin said.”

ADS-B Technology Vulnerable to Spoofing Claims Researchers (ParityNews)

“The air traffic control wouldn’t be able to differentiate the real one from the fake ones allowing the possibility of not only spoofed message to be sent across but, even the possibility of imitating entire planes with tools that are easy and cheap to procure.”

**

OK, enough already!  Journalists are just doing what journalists do best, but is the media feeding frenzy really helping?  I think not.  Is there still a vulnerability the FAA needs to address in its current system design.  Yes, there is!  Taking into consideration the credible research being done by individuals like Brad Haines (aka ‘RenderMan) and Andrei Costin (links to Brad’s Defcon presentation and Andrei’s white paper included below), the FAA needs to be open to input from the security community and deliver a system that significantly improves ‘safety in the skies’ – safe from nearby aircraft as well as from hacks and attacks.

**

Recent NPR coverage: Could the New Air Traffic Control System be Hacked?

NPR Audio – http://www.npr.org/player/v2/mediaPlayer.html?action=1&t=1&islist=false&id=158758161&m=158796228

NPR Video – http://youtu.be/NSLqRXyxiBo

Haines’ presentation given at Defcon 20: Hackers + Airplanes: No Good Can Come Of This

And a related white paper written by Andrei Costin: Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices

 

Hackers, FAA Disagree Over ADS-B Vulnerability
Aviation International News
by Matt Thurber The ADS-B system that is the cornerstone of the FAA’s NextGen ATC modernization plan is at risk of serious security breaches, according to

Filed under: News

Like this post? Subscribe to my RSS feed and get loads more!