Black Hat 2012: FAA's new air traffic control system vulnerable to cyber attack

The FAA plans on replacing older radar-based systems, but one researcher warns that the satellite-based system it will implement is susceptible to hackers
The FAA plans on replacing older radar-based systems, but one researcher warns that the satellite-based system it will implement is susceptible to hackers

In 2014, the FAA plans to introduce a satellite-based air traffic control system, called Automatic Dependent Surveillance – Broadcast system (ADS-B), that will replace radar-based systems. But Costin, a researcher at Eurocom, warned an audience at Black Hat 2012 that the new system is susceptible to hacking, according to a report by CNN.

Costin said that the ADS-B system can be hacked and tricked into seeing aircraft that are not actually there, a so-called “spoofing” attack. The system transmits unencrypted and unauthenticated information, which would enable anyone with the technology to identify a plane and see its location.

"There are various applications which you can go to and basically see, online, in real time, all the airplanes which broadcast their information", said Costin.

Responding to Costin’s findings, Skip Nelson, the president of one of the company that supplies the air traffic control system, told CNN that there was nothing new in the presentation. "We are quite familiar with the theory that ADS-B could be 'spoofed,' or barrage jammed by false targets. There's little new here. In fact, just about any radio frequency device can be interfered with somewhat. I obviously can't comment on countermeasures, but you should know that this issue has been thoroughly investigated and international aviation does have a plan."
 

What’s Hot on Infosecurity Magazine?