杏吧原创

Air traffic system vulnerable to cyber attack

A next-generation global air traffic control system is vulnerable to malicious hacks that could cause catastrophe
Image: Mark Wagner/Aviation-Images.com
Image: Mark Wagner/Aviation-Images.com

AN ALARM blares in the cockpit mid flight, warning the pilot of an imminent collision. The pilot checks his tracking display, sees an incoming aircraft and sends the plane into a dive. That only takes it into another crowded air lane, however, where it collides with a different plane. Investigators later discover that the pilot was running from a 鈥済host鈥 鈥 a phantom aircraft created by a hacker intent on wreaking havoc in the skies.

It鈥檚 a fictional scenario, but US air force analysts warn that it could be played out if hackers exploit security holes in an increasingly common air traffic control technology.

At issue is a technology called Automatic Dependent Surveillance 鈥 Broadcast (ADS-B), which the International Civil Aviation Organisation certified for use in 2002. Gradually being deployed worldwide, ADS-B improves upon the radar-based systems that air traffic controllers and pilots rely on to find out the location and velocity of aircraft in their vicinity.

Conventional ground-based radar systems are expensive to run, become less accurate at determining position the further away a plane is, and are slow to calculate an aircraft鈥檚 speed. Perhaps worst of all, their limited range means they cannot track planes over the ocean.

So instead of bouncing radar signals off aircraft, ADS-B uses GPS signals to continuously broadcast a plane鈥檚 identity, ground position, altitude and velocity to networks of ground stations and other nearby aircraft. This way, everyone knows where everyone else is.

ADS-B transmits information in unencrypted 112-bit bursts 鈥 a measure intended to make the system simple and cheap to implement. It鈥檚 this that researchers from the US air force鈥檚 Institute of Technology at Wright-Patterson Air Force Base in Ohio are unhappy with. Donald McCallie, Jonathan Butts and Robert Mills warn that the unencrypted signals could be intercepted and spoofed by hackers, or simply jammed.

聯The unencrypted signal giving an aircraft鈥檚 location could be intercepted and spoofed by hackers聰

The team says the vulnerabilities it has identified 鈥渃ould have disastrous consequences including confusion, aircraft groundings, even plane crashes if exploited by adversaries鈥 (International Journal of Critical Infrastructure Protection, ).

One attack they label 鈥渓ow difficulty鈥 is a 鈥済round station flood denial鈥: jamming an ADS-B ground receiver mast (like a cellphone mast) by placing a low-power radio transmitter near it. That effectively blinds controllers to where planes are.

Tougher to carry out is a 鈥済host aircraft injection鈥. This attack mimics the format of ADS-B data packets to create fake aircraft signals, either on the ground controller鈥檚 screen or on the pilot鈥檚 tracking display.

鈥淲e鈥檙e aware of the research undertaken by the US air force and have been working for some time with UK and European authorities and agencies to understand and mitigate the issues,鈥 says Brendan Kelly, policy chief at National Air Traffic Services in the UK.

But the Federal Aviation Administration, which wants ADS-B fully operational across the US by 2020, says tests it completed in 2009 show ADS-B has no risks over and above those presented by existing radar systems. 鈥淭he FAA has a thorough risk management process for all possible risks to ADS-B, including intentional jamming,鈥 says a spokesman.

McCallie鈥檚 team is not convinced, and has asked to see the FAA鈥檚 test data 鈥 which the agency has so far refused to make public, citing security concerns. The team accepts that such concerns are warranted, but insist that additional safeguards must be introduced into ADS-B. Specifically, they say ways to authenticate messages between planes and ground control ought to be explored. 鈥淪ecurity as an afterthought will not suffice,鈥 they write.