Air Traffic Software Vulnerable to DoS Attacks

According to Andrei Costin, $2,000 in equipment and "modest tech skills" are enough to throw an air traffic control system of virtually any airport into complete disarray. The ADS-B system that is used across the world is vulnerable as it does not verify that incoming traffic signals as genuine.

Costin says that a hacker could inject flights that do not exist and could confuse an air controller station. Air controllers could cross-check flights with flight schedules, but if the number of phantom flights is high enough, there is no way that cross-checks would work. Consider it like an DoS attack on an air traffic control system.

Costin noted that rogue signals from the ground can be generally identified and ruled out as malicious signals, but there is no way to do the same for robotic aircraft, for example. He also noted that data sent from airplanes to air traffic controllers is unencrypted and can be captured by unidentified sources. Since this applies to any aircraft, it is in theory possible to deploy airplane tracking devices to track specific aircraft.

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
16 comments
    Your comment
    Top Comments
  • happyballz
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    So...we will just ignore this issue and act like it is not there and eventually it will go away right? Yeah I didn't think so.

    More than likely this vulnerability was revealed long time ago and reported to the affected facilities since he is a "Security researcher" and that is his job to find exploits.
    14
  • nieur
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    Attacker don't need any help from Tom's.It's always good to know the vulnerability of any standards deployed in commercial systems
    11
  • Other Comments
  • drwho1
    Is Tom's doing now a "terrorist hand book"?
    Why tell the world how to attack airplanes or airports?
    -16
  • nieur
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    Attacker don't need any help from Tom's.It's always good to know the vulnerability of any standards deployed in commercial systems
    11
  • happyballz
    drwho1Is Tom's doing now a "terrorist hand book"?Why tell the world how to attack airplanes or airports?

    So...we will just ignore this issue and act like it is not there and eventually it will go away right? Yeah I didn't think so.

    More than likely this vulnerability was revealed long time ago and reported to the affected facilities since he is a "Security researcher" and that is his job to find exploits.
    14