The ADS-B system that is the cornerstone of the FAA’s NextGen ATC modernization plan is at risk of serious security breaches, according to Brad Haines (aka RenderMan), a hacker and network security consultant who is worried about ADS-B vulnerabilities. Haines outlined his concerns during a presentation he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS-B signals are unauthenticated and unencrypted, and “spoofing” or inserting a fake aircraft into the ADS-B system is easy.
Haines and hacker Nick Foster demonstrated this by spoofing a fake aircraft into simulated San Francisco airspace, using the Flight Gear simulator program. He said spoofing a target into the real ADS-B system would be a simple matter of transmitting the signal on the ADS-B frequencies.
The FAA said that the ADS-B system is secure and that fake ADS-B targets will be filtered from controllers’ displays. “An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action,” an FAA spokeswoman told AIN.
A spokeswoman for key ADS-B contractor ITT Exelis explained, “The system has received the FAA information security certification and accreditation. The accreditation recognizes that the system has substantial information security features built in, including features to protect against…spoofing attacks. [This] is provided through multiple means of independent validation that a target is where it is reported to be.”