Doug Lung / RF Report
08.17.2012 10:53 AM
ADS-B Hackers Pose Possible Threat to NextGen Air Traffic Control System
NextGen air traffic control system allows aircraft to report their location using frequencies around 1 GHz
In my July 11, 2012 RF Technology Column, Software Radios Help Explore RF Spectrum, I described how an inexpensive (less than $30) USB tuner stick could be used with a computer as a software-defined radio to explore analog and digital signals in the 64-1800 MHz (or wider) spectrum. One application for the device, in conjunction with GNU Radio, is as an ADS-B receiver that shows the location of nearby planes.  
ADS-B is the basis of the new NextGen air traffic control system, where aircraft report their location using frequencies around 1 GHz. I haven't had any luck yet receiving ADS-B signals, probably due to a poor indoor antenna and bad locations, but there are numerous examples of how it can be used to show the location of aircraft with ADS-B transmitters. See Clayton's Domain for step-by-step instructions. ADS-B is unencrypted. 
I hadn't considered the possibility that a software-defined radio could also be used to create “ghost” planes, perhaps dozens of them, shutting down an airport and causing other aircraft to change their flight path to avoid them. National Public Radio's “All Things Considered” discussed this potential problem Tuesday evening in the story Could The New Air Traffic Control System Be Hacked?
Reporter Steve Henn discusses Canadian computer consultant Brian Haines’s (aka RenderMan) study of ADS-B vulnerabilities. Haines said, “If you could introduce enough chaos into the system--for even an hour--that hour will ripple though the entire world's air traffic control.” 
Nick Foster implemented ADS-B Out on GNU radio and showed he could generate a ghost plane. He didn't hook up the software-defined radio transmitter to an antenna, but if he had, and the signal were strong enough, the ghost plane would have appeared on air traffic control displays. The NPR article has a link to Haines' presentation at Defcon 20, Hackers + Airplanes – No Good Can Come of This with additional details on ADS-B and the threat to it. 
The FAA says it has ways to validate the ADS-B messages, but Haines questions whether these will work in all situations. 
I found additional details on the hack in an article not referenced in the NPR story. For more technical details on how the system could be hacked, see Ghost in the Air (Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices by  Andrei Costin and Aurelien Francillon from the Network and Security Department at EURECOM in France. 
If you fly as much as I do, this is scary. Fortunately people like Brian Haines and stories like the one on NPR are sounding the alarm before ADS-B becomes mandatory in 2020. Don't turn off those old radar systems. 

Post New Comment
If you are already a member, or would like to receive email alerts as new comments are
made, please login or register.

Enter the code shown above:

(Note: If you cannot read the numbers in the above
image, reload the page to generate a new one.)

Posted by: Anonymous
Sat, 08-18-2012 12:09 AM Report Comment
Maybe one day, folks will realize that everything doesn't need to be on the internet.
Posted by: Anonymous
Mon, 08-20-2012 06:27 PM Report Comment
My first name is Brad, not Brian

Thursday 11:07 AM
The Best Deconstruction of a 4K Shoot You'll Ever Read
With higher resolutions and larger HD screens, wide shots using very wide lenses can be a problem because they allow viewers to see that infinity doesn’t quite resolve into perfect sharpness.

Featured Articles
Discover TV Technology