The Federal Aviation Administration's next-generation air traffic control systems are vulnerable to hackers, who could send fake airplane signals to towers or track private planes carrying famous people.
At the Black Hat conference currently going on in Las Vegas, security researcher Andrei Costin demonstrated a way to "spoof" an airplane's signal to an air traffic controller using about $1,000 worth of radio equipment.
The vulnerability comes from the way the new air traffic control system, which is scheduled to be fully on-line by 2020, gets its signals.
Air traffic controllers are good at tracking "rogue" signals from the ground and the current system uses radar to "ping" an airplane, whose transponder sends a signal back. Older radar systems are also hard to fool from a random ground-based transmitter.
The new system, called Automated Dependent Surveillance-Broadcast or ADS-B, works a little differently. The planes will transmit their locations by radio instead of depending on towers to track them, as well as linking to the GPS network.
That is more efficient and safer; every plane will be able to see every other, and the controllers will see the same things as the planes. No more situations where radar shows one thing and the airplane's collision-avoidance system show another.
The down side is that the signals aren't encrypted, so anybody can listen in. On top of that, using a software-defined radio (basically a radio whose characteristics are determined with a small computer rather than the usual hardware), it's possible to transmit the signals that a plane does to the tower, and there would be no way to tell. A good radio can be had for about $1,000 or less.
It's easy to see why this could be a problem. While a hacker can't take a plane from the sky, he or she could certainly cause a lot of chaos at the airport by simply filling the air traffic controller's screen with a lot of fake airplanes. Even though each aircraft could be checked against a flight plan it would still be difficult -– if not impossible — to do.
They wouldn't be completely helpless, of course, and even if the planes were getting confusing signals from the ground, visual and radar cues would prevent a lot of accidents. (So if you're thinking of the plot to "Die Hard 2" you can relax). But a major airport forced to shut down for even an hour would be a major headache.
Then there's tracking famous people. Since the signal isn't encrypted, a hacker could see which plane was traveling where. Some of this information is available already (there are lots of flight arrival apps, for instance, that have it). But imagine being able to see exactly where Air Force One is, or less ominously, where to track your favorite celebrity.
The FAA has released a statement saying that it has a plan to deal with security breaches, and Skip Nelson, president of ADS-B Technologies, one of companies making these components told CNN that there are countermeasures in place.
Image: Wikimedia Commons / Mark Brouwer