ADS-B Is Insecure and Easily Spoofed, Say Hackers

September 3, 2012, 12:45 AM

The ADS-B system that is the cornerstone of the FAA’s NextGen ATC modernization plan is at risk of serious security breaches, according to Brad Haines, a hacker and network security consultant who is worried about ADS-B vulnerabilities. Haines first outlined his concerns during a presentation he gave at the Def Con 20 hacker conference in Las Vegas in July. Automatic Dependent Surveillance-Broadcast (ADS-B) is on track to replace radar with a system that broadcasts GPS-based position data to controllers and other ADS-B-equipped aircraft as part of the NextGen system. Yet according to Haines–aka RenderMan–ADS-B signals are unauthenticated and unencrypted, and “spoofing” or inserting a fake aircraft into the ADS-B system is easy.

Haines and another hacker named Nick Foster demonstrated this by spoofing a fake aircraft into the simulated busy airspace over San Francisco, using the open source Flight Gear flight simulator program. Spoofing a target into the real ADS-B system would be a simple matter of transmitting the signal on the ADS-B frequencies (978 and 1090 MHz).

The FAA told AIN that the ADS-B system is secure. “We have ways of validating the data that shows up on a controller’s screen so that spoofed targets are filtered out,” an FAA spokeswoman said. “An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and are not publicly available. The air traffic system is based on redundancies to ensure safe operations. The FAA plans to maintain about half of the current network of secondary radars as a backup to ADS-B in the unlikely event it is needed.”

According to Haines, the FAA’s method for filtering spoofed targets relies on multilateration, which is a technique for identifying a target using ground stations that detect transmissions from the target (usually transponder signals). But such filtering, he pointed out, would remove spoofed targets only from the FAA’s TIS-B feed, which sends ADS-B data to aircraft from ADS-B ground stations. “The spoofing threat can be mitigated with multilateration,” Haines noted. “However, an airplane receiving ADS-B [air-to-air] data has no way to do that.” In other words, an ADS-B In receiver on an aircraft will have no way of telling whether the ADS-B signal that it is receiving is from another aircraft or from a spoofed target transmitted on the ADS-B frequencies.
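The multilateration check described above can be sketched as follows. This is an added example, not code from the article or the FAA: it compares the time differences of arrival measured at several receivers with the differences implied by the reported position, and it shows why a lone receiver cannot run the check. The receiver coordinates, tolerance, function names and the assumption of perfectly synchronized receiver clocks are all illustrative.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def simulate_arrivals(emitter, receivers, t0=0.0):
    """Constructed test data: time each receiver hears a pulse sent at t0."""
    return [t0 + math.dist(emitter, r) / C for r in receivers]

def tdoa_residuals(claimed, receivers, arrivals):
    """Measured minus expected time difference of arrival, relative to receiver 0."""
    ref_range = math.dist(claimed, receivers[0])
    out = []
    for rx, t in zip(receivers[1:], arrivals[1:]):
        expected = (math.dist(claimed, rx) - ref_range) / C
        measured = t - arrivals[0]
        out.append(measured - expected)
    return out

def check_claim(claimed, receivers, arrivals, tol_s=1e-6):
    """Classify a reported position against where the signal was actually heard from."""
    if len(receivers) < 2:
        # One receiver (e.g. a lone ADS-B In unit) has no time differences to compare.
        return "unverifiable"
    worst = max(abs(r) for r in tdoa_residuals(claimed, receivers, arrivals))
    # 1 microsecond of timing error corresponds to roughly 300 m of range error.
    return "consistent" if worst <= tol_s else "inconsistent"

# Constructed geometry: local x, y, z coordinates in metres (assumed, not real sites).
GROUND_STATIONS = [(0, 0, 0), (30000, 0, 0), (0, 30000, 0), (30000, 30000, 100)]
REPORTED = (12000, 18000, 10000)   # position carried in the broadcast
GROUND_EMITTER = (500, 500, 2)     # where a false report would really originate

genuine = simulate_arrivals(REPORTED, GROUND_STATIONS)
spoofed = simulate_arrivals(GROUND_EMITTER, GROUND_STATIONS)

if __name__ == "__main__":
    print("genuine:", check_claim(REPORTED, GROUND_STATIONS, genuine))
    print("spoofed:", check_claim(REPORTED, GROUND_STATIONS, spoofed))
    print("single receiver:", check_claim(REPORTED, GROUND_STATIONS[:1], spoofed[:1]))
```
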

Longstanding Concerns about ADS-B Security

Concerns about ADS-B security aren’t new. In a 2009 graduate research project at the Air Force Institute of Technology at Wright-Patterson Air Force Base in Dayton, Ohio, Air Force Major Donald McCallie identified ADS-B vulnerabilities. “As early as 2006, concerns were raised about the ability of hackers to introduce as many as 50 false targets onto controllers’ radar screens. With open broadcast and no encryption there is no confidentiality; a lack of any authentication provides no integrity; and the ability to jam signals brings into question availability. The ADS-B infrastructure requires that all surveillance be open, and therefore non-secure, communications. As ADS-B is implemented, the potential exists for an attacker to exploit the inherent vulnerabilities of such an open system,” according to the paper.

McCallie’s paper outlines six key ways that attackers could harm the ADS-B system, ranging from relatively easy disruptions using jamming equipment to more difficult target ghost inject (spoofing) to flood denial, which means disrupting the ADS-B frequencies. While McCallie characterizes airborne target spoofing as a medium-high difficulty operation, he wrote, “Because there is no data correlation like that which may occur in a ground station, it may be somewhat easier to inject a ghost target into an aircraft; although, physical access may offset that advantage.”

Looking even farther back, a paper dated Sept. 18, 2001, and written by the FAA’s Ron Jones raised the issue of ADS-B security in relation to the 9/11 terrorist attacks that had taken place a week earlier. Jones raised two issues: “Probably the most fundamental security issue with ADS-B is the core idea of broadcasting the identity and precise location of each aircraft. This would open the door for a terrorist to attack specific aircraft or aircraft of a specific airline or corporation. While some people have suggested some form of encryption might be applied, I do not see any way in which this could be effective without fully undermining the basic ADS-B concept and associated benefits.” The second issue foreshadowed the current concern with fake targets. “As already briefly noted in DO-242 [RTCA standards] some applications may require independent validation of the ADS-B information. This has two aspects. One is simply to detect failures that result in errors in the reported aircraft location. The second is to detect spoofing and this is the aspect where the security concerns are raised.”

Haines is pleased that his bringing up the issue of ADS-B security has ignited some discussion of the subject, although he told AIN that no authorities have contacted him seeking advice on the system’s vulnerabilities. He also worries that other countries implementing ADS-B are not addressing these security issues. If it were up to him, he said, he would focus on “training, policies and procedures. [And] understanding the risks and that one needs to ask questions like ‘what happens if this thing that is supposed not to fail fails.’ If a way for multilateration to be spoofed is found, what then? If our [fake target] attack is actually possible, how does that undermine the reliability? How quickly can the industry adapt? I would also build in more capacity for outside testing. The tools and techniques to screw with this stuff are at a maturity level that make it accessible to most people. Are the FAA et al thinking they have covered every possibility? Just remember how many ‘secure’ systems were compromised by teenagers in their parents’ basements.”


If you haven't been paying attention to all the press coverage this issue has been getting, here's a link that tracks it since Wired first published their article 'Air Traffic Controllers Pick the Wrong Week to Quit Using Radar' back in July -

Another really good source for background information is NPR's coverage at This is where you'll get to meet Brad Haines, who, along with Andrei Costin, spoke about this at Defcon recently.

But you should also read Tim Taylor's recent blog entitled 'THE SKY IS CALLING, NOT FALLING' where Tim talks about the disturbing news in the past few weeks that make it sound as if the ongoing roll-out of ADS-B and the NextGen airspace system is in imminent peril. To paraphrase Tim's recommendations:

1) Relax, the situation is OK, bordering on “normal.” - The FAA says it has procedures in place to prevent that, and that system security is integral to ADS-B technical specifications. At minimum the subject gets continuous and very careful attention in engineering circles – by people who are at least as smart as the headline makers and who have had more than a decade to consider system security. We are not losing sleep over this.

2) Don’t relax, keep moving, there’s a lot to be done in a short time. - The ADS-B network is already active in most of the country, and towers are being added to complete coverage. The risks cited in the news stories have little if any impact on the current network. Pilots can receive meaningful safety and cost benefits by using ADS-B now. There really is no reason to delay equipping for free data-link weather data at least.

We are not going to let our campaign.. Umm.. program be dictated by fact checkers.