Sign in with
Sign up | Sign in

Air Traffic Software Vulnerable to DoS Attacks

By - Source: PhysOrg | B 16 comments

A security researcher revealed a flaw in commonly used air traffic control software that would allow an attacker to create an unlimited number of phantom flights.

According to Andrei Costin, $2,000 in equipment and "modest tech skills" are enough to throw an air traffic control system of virtually any airport into complete disarray. The ADS-B system that is used across the world is vulnerable as it does not verify that incoming traffic signals as genuine.

Costin says that a hacker could inject flights that do not exist and could confuse an air controller station. Air controllers could cross-check flights with flight schedules, but if the number of phantom flights is high enough, there is no way that cross-checks would work. Consider it like an DoS attack on an air traffic control system.

Costin noted that rogue signals from the ground can be generally identified and ruled out as malicious signals, but there is no way to do the same for robotic aircraft, for example. He also noted that data sent from airplanes to air traffic controllers is unencrypted and can be captured by unidentified sources. Since this applies to any aircraft, it is in theory possible to deploy airplane tracking devices to track specific aircraft.

 

Contact Us for News Tips, Corrections and Feedback

Display 16 Comments.
This thread is closed for comments
Top Comments
  • 14 Hide
    happyballz , July 31, 2012 1:27 PM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    So...we will just ignore this issue and act like it is not there and eventually it will go away right? Yeah I didn't think so.

    More than likely this vulnerability was revealed long time ago and reported to the affected facilities since he is a "Security researcher" and that is his job to find exploits.
  • 11 Hide
    nieur , July 31, 2012 1:24 PM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    Attacker don't need any help from Tom's.It's always good to know the vulnerability of any standards deployed in commercial systems
Other Comments
  • 11 Hide
    nieur , July 31, 2012 1:24 PM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    Attacker don't need any help from Tom's.It's always good to know the vulnerability of any standards deployed in commercial systems
  • 14 Hide
    happyballz , July 31, 2012 1:27 PM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    So...we will just ignore this issue and act like it is not there and eventually it will go away right? Yeah I didn't think so.

    More than likely this vulnerability was revealed long time ago and reported to the affected facilities since he is a "Security researcher" and that is his job to find exploits.
  • 2 Hide
    Chainzsaw , July 31, 2012 1:37 PM
    1+ for happy.

    If we keep stuff like this in the dark....no one will ever fix it (or care about it). Maybe they will think about making this a priority now to fix.
  • 0 Hide
    Katsushiro , July 31, 2012 1:48 PM
    Don't forget that the FAA uses multiple types of sensors though. There are still long and short range radars that operate both cooperatively (transponders) and noncooperatively (traditional reflection-based radar).
  • 3 Hide
    Anonymous , July 31, 2012 2:15 PM
    This is very theoretical, and one should remember that ATC procedures were designed before radar era. So there are many options to cope with such situation. Revert to the good old Mode C for instance, and if the problem persists, lighten the traffic to cope with the situation (stop takeoffs), until the so-called pirates are located and arrested.

    For such a thing, this should not last very long, and if you check the local regulations, you'll see that this kind of jokes can send someone in jail for very very long...
  • 0 Hide
    JohnnyLucky , July 31, 2012 3:17 PM
    This is certainly not good news.
  • 1 Hide
    stingstang , July 31, 2012 3:37 PM
    ATPLThis is very theoretical, and one should remember that ATC procedures were designed before radar era. So there are many options to cope with such situation. Revert to the good old Mode C for instance, and if the problem persists, lighten the traffic to cope with the situation (stop takeoffs), until the so-called pirates are located and arrested.For such a thing, this should not last very long, and if you check the local regulations, you'll see that this kind of jokes can send someone in jail for very very long...

    I'm glad someone besides me was able to point this out before someone read this and started freaking the F out....which seems to happen all too often.
  • 1 Hide
    RADIO_ACTIVE , July 31, 2012 4:12 PM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?
    lol you make me laugh
  • 0 Hide
    Anonymous , July 31, 2012 4:17 PM
    If this is true - it would only work in an ADS B environment - many stations have various types of surveillance......
  • -1 Hide
    Kami3k , July 31, 2012 5:10 PM
    Why the FUCK are they connected to the internet in the first place?!
  • 1 Hide
    p_game , July 31, 2012 5:58 PM
    Kami3kWhy the FUCK are they connected to the internet in the first place?!

    Air traffic controllers are also responsible for updating the airline's Twitter page.
  • 2 Hide
    ojas , July 31, 2012 6:24 PM
    Kami3kWhy the FUCK are they connected to the internet in the first place?!

    They're not. They use radio broadcasts. Anyone can transmit or receive radio signals. If they are unencrypted, you can understand them too.

    Reading fail, eh?
  • 0 Hide
    eddieroolz , July 31, 2012 6:41 PM
    You'd think these systems would be offline from the general network...
  • -1 Hide
    fayzaan , July 31, 2012 8:04 PM
    eddieroolzYou'd think these systems would be offline from the general network...

    They need some internets too you know!!
  • 0 Hide
    A Bad Day , August 1, 2012 12:52 AM
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?


    If Tom's Hardware figured it out, then hackers would've known months ago.

    Every countermeasure against a security problem risk informing everyone what the problem is, and often times the risk is worth it.