Security Flaws Found in ADS-B Air Traffic Control System
'Any attacker can pretend to be an aircraft,' researcher Andrei Costin says.
"Costin, a computer scientist and graduate student at Eurecom, outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, which is being installed as a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports," writes InformationWeek's John Foley. "Among the threats to ADS-B is that the system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said."
"The problems with ADS-B are identical to many other types of critical infrastructure systems that lack encryption and authentication of communications," writes Wired's Kim Zetter. "The communication that occurs between planes and ground systems is transmitted in cleartext and doesn’t require the source of a transmission to be authorized, thereby allowing an attacker on the ground to intercept, read and change messages being transmitted or to inject wholly fake messages into the communication stream that the system accepts as genuine."
"Meanwhile, the Federal Aviation Administration continues to spend hundreds of millions of dollars on ADS-B," writes Forbes' Andy Greenberg. "Costin argues that the the protocol needs to be fixed now, before more money is poured into its implementation, or before its security vulnerabilities lead to real-world problems. 'The presentation aims to raise awareness that such a system can’t carry on until 2020, when software-defined radios will be many levels more advanced,' he says. 'This isn’t going away.'"