Flaws found in mandated aircraft safety system

Powered by SC Magazine
 

Researchers reveal how attacks could alter aircraft trajectories.

Aircraft flying to the world's most popular airports could be placed in danger by accurate yet inexpensive attacks targeting a widespread aviation safety system, according to European information security researchers.

Researchers proved attackers with control over a wireless network and possessing off-the-shelf equipment could jam and interfere with flight collision systems, elevating the otherwise low risk of a crash.

An attacker could theoretically flood air traffic control monitors with images of fake aircraft and even modify the trajectory of those in the sky -- undermining systems that aim to provide pilots with information on the location and direction of aircraft.

The system in question is mandated for use in Australia.

The automatic dependent surveillance-broadcast (ADS-B) network was last week mandated to be installed for all aircraft cruising above 29,000 feet in Australia by the nation's Civil Aviation Safety Authority (CASA). Australia was the first country to deploy the system using the 1090ES platform.

The United States uses a dual ADS-B platform of 1090ES for all flight altitudes and what critics argue was the more effective Universal Access Transceiver (UAT) system for flights below 18,000 feet.

Crucially, the latter platform provides enough bandwidth to enable encryption, which would render the demonstrated attacks ineffective.

"Our results reveal some bad news," researchers Matthias Schafer, Vincent Lenders, and Ivan Martinovic wrote in a research paper (pdf). "Attacks on ADS-B can be inexpensive and highly successful."

The researchers' findings revealed that air traffic safety systems "should not rely exclusively on ADS-B".

Attacks on the ADS-B system could be used to reveal the position of hidden military aircraft using cheap equipment that could detect planes from 450 kilometres away.

"Our measurements conclude that the reception quality and range with low cost equipment is remarkable," the researchers wrote.

ASD-B

CASA did not respond to multiple requests for comment from this publication.

Adelaide-based private pilot and aviation programmer Bas Scheffers (@basscheffers) said the industry should have opted for UAT which would reduce costs for pilots and enable the use of encryption.

"The military do encrypted ADS-B on 1090 by making each position report actually three transmissions long and even then [it] is manageable if you are the military but impossible in the civilian world," Scheffers said.

"In my opinion, 1090ES should never have been used for ADS-B. UAT is the better technology, the lower cost technology and has enough bandwidth to implement proper public/private key signing of messages."

Airservices Australia, which deploys ADS-B, said flight controllers used other mechanisms in conjunction with ASD-B including voice and data communications, flight planning and radar.
 
"Australia's air traffic control system and network has multiple layers of safety, security and resilience built into it to both mitigate and minimise current and prevailing risks," a spokesperson said.
 
"All threats, both real and perceived to our environment are monitored and reviews undertaken to ensure the integrity of our systems is balanced against the alternatives."

The air navigation provider said it "regularly assesses" risks to Australia's airways including "ongoing assessment of the risks associated with the adoption and use of new technologies such as" ADS-B.

Digital rights advocate Geordie Guy (@GordyPls), operator of an ADS-B real-time flight tracking service, said spoofing could cause problems if pilots and operators did not consult other sources of information.

"ADS-B is probably be easy to spoof because it's an insecure peer-to-peer protocol for exchanging information by participants," Guy said.

"The good news is pilots don't actually rely on ADS-B as a sole system, because pilots don't rely on any single piece of information to navigate and fly ... for now I think the words 'hacked air traffic control' spoken out loud are a thousand times scarier than the actual danger of bad ADS-B traffic broadcast."

The experiment setup

 

Further criticism of the ADS-B mandate centred on the estimated $30,000 cost burden it placed on recreational pilots, that it would be limited because many light aircraft would never be fitted with the technology, and that it failed to address broader aviation safety concerns. 

In a interview, former director of the Australian Aircraft Owners & Pilots Association Bill Hamilton said the ADS-B system may force pilots to rely too much on their screens and not enough looking out the cockpit.

"Mid-air collisions almost never happen outside of gliders," Hamilton said. "It's a failure of basic training, of pilots to keep a proper lookout."

The 'ghost aircraft'

The researchers revealed that previously known attacks thought to be out of reach of attackers were both accessible and cheap, and had also discovered the new attack in which aircraft trajectories could be modified.

Information on particular aircraft could also be gleaned, leading to the possibility of targeted attacks, according to the research.

The new virtual trajectory modification attack could be implemented by combining message deletion and injection which erased aircraft position reports and replayed modified versions, or by modifying position reports of aircraft in the air.

Attackers with about $2000 worth of commercial off-the-shelf equipment could create a flood of fake aircraft to appear on the monitors of pilots and ground control staff. The attacks first discovered in 2010 and further developed in 2011 meant 'ghost aircraft' could appear as taxiing or flying.

"... combined with poor visibility, this could force controllers to deny landings or instruct aircraft to change their altitude and or course unnecessarily," the researchers wrote.

"In the air, on-board ADS-B-based collision avoidance systems offer attackers a simple way to distract pilots. Again, with poor visibility, pilots primarily make decisions based on their instruments what makes them vulnerable to malicious interference."

Operators would face a "complete loss of situational awareness" in the event of a flood of fake aircraft as it would be "difficult and time-consuming" to spot real aircraft.

Researchers also found attackers could initiate false alarms such as those an aircraft might transmit in a terrorist attack, and also make aircraft disappear off monitors. Ground stations too could be jammed, wiping ADS-B signal messages.

"Especially in high density areas (around major international airports), a sudden failure of the surveillance or collision avoidance systems is described as devastating by controllers and could result in confusion and human failure with fatal consequences," the researchers wrote.

Complex attacks that combined the demonstrated scenarios were considered "imaginable" but were beyond the scope of the research.

The researchers noted the attacks presented a heightened risk due to a doubling flight movements predicted by the European Organisation for the Safety of Air Navigation to occur by 2030.

Copyright © SC Magazine, Australia


Flaws found in mandated aircraft safety system
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1455

Vote