Automated Dependent Surveillance-Broadcast, or ADS-B, is the future of Air Traffic Control. It’s an automated system that allows hardware on planes to radio in the aircraft’s coordinates to the tower, instead of using radar to pick up each plan individually. Problem is, you can still hack it to hell.
While the ADS-B is safeguarded against more traditional digital worries — like being totally shut down or unable to communicate with planes — it lacks the encryption and authentication to protect it from other forms of attack. For example, “a medium-technical savvy person” could easily impersonate a plane. Someone who knows what they’re doing? They could impersonate thousands.
Two separate papers are being presented at the Black Hat and Defcon security conference this week detailing how vulnerable ADS-B is to such an attack. There are failsafes, like the retention of half of the old radar equipment, and the ability to cross check flight logs, but if the number of false signals spirals out of control — like a distributed denial of service (DDoS) attack — it could totally cripple the system.
Security people have been telling the FAA that ADS-B is insecure for years, but it’s already spend hundreds of millions of dollars on the system, so it’s probably got to patch the flawed ADS-B up instead of letting it rot in cold storage — and then hope that HOIC’s eventual big brothers don’t make it wish it hadn’t. [Forbes]