You don’t often hear about planes crashing in mid-air. The systems they have in place have done a fairly good job at keeping passengers safe. But safety and security are two different things, and while the systems may work, one researcher has found they are scarily easy to hack.
“This is like shooting fish in a barrel. If you’re not scared about this, you should be,” said researcher Nick Foster at the Def Con conference in Las Vegas. “Without encryption without any bottom security and protocol, it’s just not hard.”
The systems that keep planes from running into each other are called Automatic Dependent Surveillance Broadcast and there are two types ADS-B In (the transmissions sending information to the planes) and ADS-B out (the transmissions sending information to the tower). Both of these transmission types are unencrypted and unauthenticated — meaning the transmissions between the plane and tower are not protected and there’s no way to prove it actually came from the plane or the tower. Anyone can listen to these transmissions and monitor where planes are going and how fast.
Renderman, or Brad Haines, discovered this blatant vulnerability after checking out Planefinder AR, an app that lets you hold your phone to the sky and see where the flights overhead are going. He wondered where the app got its data, and found a number of websites that aggregated data from users. These users set up ground stations, collect data from flights going over, and feed the data into the site’s database.
So, what can people do with that information? Hack it, of course.
If you have access to the transmissions being sent to the tower, who is to say you can’t fuzz the information, add a bit of your own data to the real data. For example, you could tell air traffic control that there was a plane headed straight for the tower, though no plane existed. You could also potentially jam the system by adding fifty more planes to the control tower’s systems, which could send the operators scrambling or overload the system. You could also duplicate a real flight headed through the area. This is dangerous if the tower operators decide to ignore the right flight data, thinking it was a glitch in the system.
Pilots in flight can be messed with as well. A hacker could alert pilots to a fake plane headed straight for it. They could also spoof the GPS, which pilots depend on to know where they are in the skies. We saw GPS spoofing recently when Iran landed a U.S. drone flying in the vicinity. The country’s engineers were allegedly able to hack into the drone’s systems, make it think it was in its landing location and landed the drone within its borders.
Haines stressed, “for the love of Spongebob do not try anything you’re about to see.” He wanted to make this public so that the airline industry can patch up its leaky ship — encrypt and protect this information.