Skip to main content

ADS-B Hackers Pose Possible Threat to NextGen Air Traffic Control System

In my July 11, 2012 RF Technology Column, Software Radios Help Explore RF Spectrum, I described how an inexpensive (less than $30) USB tuner stick could be used with a computer as a software-defined radio to explore analog and digital signals in the 64-1800 MHz (or wider) spectrum. One application for the device, in conjunction with GNU Radio, is as an ADS-B receiver that shows the location of nearby planes.

ADS-B is the basis of the new NextGen air traffic control system, where aircraft report their location using frequencies around 1 GHz. I haven't had any luck yet receiving ADS-B signals, probably due to a poor indoor antenna and bad locations, but there are numerous examples of how it can be used to show the location of aircraft with ADS-B transmitters. See Clayton's Domain for step-by-step instructions. ADS-B is unencrypted. 

I hadn't considered the possibility that a software-defined radio could also be used to create “ghost” planes, perhaps dozens of them, shutting down an airport and causing other aircraft to change their flight path to avoid them. National Public Radio's “All Things Considered” discussed this potential problem Tuesday evening in the story Could The New Air Traffic Control System Be Hacked?

Reporter Steve Henn discusses Canadian computer consultant Brian Haines’s (aka RenderMan) study of ADS-B vulnerabilities. Haines said, “If you could introduce enough chaos into the system--for even an hour--that hour will ripple though the entire world's air traffic control.” 

Nick Foster implemented ADS-B Out on GNU radio and showed he could generate a ghost plane. He didn't hook up the software-defined radio transmitter to an antenna, but if he had, and the signal were strong enough, the ghost plane would have appeared on air traffic control displays. The NPR article has a link to Haines' presentation at Defcon 20, Hackers + Airplanes – No Good Can Come of This with additional details on ADS-B and the threat to it. 

The FAA says it has ways to validate the ADS-B messages, but Haines questions whether these will work in all situations. 

I found additional details on the hack in an article not referenced in the NPR story. For more technical details on how the system could be hacked, see Ghost in the Air (Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices by Andrei Costin and Aurelien Francillon from the Network and Security Department at EURECOM in France. 

If you fly as much as I do, this is scary. Fortunately people like Brian Haines and stories like the one on NPR are sounding the alarm before ADS-B becomes mandatory in 2020. Don't turn off those old radar systems. 

Doug Lung is one of America's foremost authorities on broadcast RF technology. He has been with NBC since 1985 and is currently vice president of broadcast technology for NBC/Telemundo stations.