The Sky is Falling: Hacking Air Traffic Corridors! LIVE Web Show

The Sky is Falling: Hacking Air Traffic Corridors! LIVE Web Show

Henry Dalziel | General Hacking Posts, Hacker Hotshots | November 25, 2013

We are absolutely thrilled to have RenderMan on a Hacker Hotshots/ InfoWarCon web show today, Monday November 25th.

Winn Schwartau will be joined by RenderMan, and they will be discussing: “The Sky is Falling: Hacking the Air Traffic Corridors.” RenderMan is the hacker – when it comes to AirTraffic/ Air Control hacking.

Winn and Brad (RenderMan) will be discussing:

  • FAA and the airlines have not thought about security and outside attackers.
  • Secure and safety are two very different things.
  • The industry does not want to hear our research and ignores us.

In researching this blog post I noticed that the last point, i.e. that the industry ignores the evidence, seems to be particularly accurate. A Fox News article mentioned that a Spanish researcher (April 2013) has created an Android App that could ‘take control of an airplane’ during a flight owing to security flaws in the FAA’s 25-year-old communications software. When asked for a quote RenderMan replied:

“The fact that you’ve got another guy coming up with the same conclusion…this is suddenly proving things.”

The FAA counter these claims but let RenderMan persuade you otherwise! As a highly respected and recognized speaker on the security conference scene, RenderMan has presented this talk several times so this will be an excellent opportunity to learn more and see what security measures are being put in place.

Legacy Air Traffic Control systems had the following attributes:

  • Firstly, that Air Traffic Control has not changed much since the 1970’s
  • Primary radar provides range and bearing, and no elevation
  • Transponder system (SSR) queries the plane, plane responds with a 4-digit identifier + elevation
  • ID number attached to flight on radar scope, great deal of manual communication and work required
  • Transponder ID used to communicate situations i.e. emergencies, hijacking, etc
  • Transponder provides a higher power return than primary radar reflection, longer range
  • Only interrogated every 6-12 seconds, low resolution of altitude
  • Pilots get no benefit (traffic, etc)
  • Requires large separation of planes (~80miles) which limits traffic throughput in busy areas

However, the FAA are rolling out a new upgrade called the ‘NextGen’ system. This system is intended to better manage the FAA to keep tabs on every plane in flight by using GPS data rather than traditional radar. This system is meant to allow for more precise tracking of planes that will allow pilots to choose more direct routes as well as replacing an antiquated system.

The NextGen architecture costs billions of dollars, and is still being implemented today – in 2013.

However, here’s the main point which RenderMan will undoubtedly discuss: the NextGen system may contain the same flaw that made it possible to hack in to Air Traffic Control – that the location data being transmitted between the airplane and the Control Tower is unencrypted and unauthenticated therefore leaving them open to potential hacker attack. Said more specifically, RenderMan’s research shows that anyone can listen to 1090Mhz and decode the transmissions from aircraft in real time and no data level authentication of data from aircraft, just simple checksums.

In Summary
This is a pretty unbelievable talk if you think about it. We all would have thought that after 911 we’d be free from all types of aviation risks.

This talk forms part of our InfoWarCon series in which we have had the privilege of having some of the best and brightest security minds come on the show. Come and join us for RenderMan’s event which will be this Monday, November 25th at 1200 EST.

If you can’t make it then still hit the link above to watch the recorded version. As usual you can leave comments below or better still, ask a question during the event!

Leave a comment or reply below...thanks!