Hacking Air Traffic Control (yes, it is possible…..)

For All Things IT Security Conference Related

Join Our Newsletter [Over 50K Subscribers]

Let us send you information on ticket discounts, speaking opportunities and a ton more!

Home / Blog / Hacking Air Traffic Control (yes, it is possible…..)

Hacking Air Traffic Control (yes, it is possible…..)

Tagged Under:

This Monday we had the privilege of having RenderMan on the Concise Courses InfoWarCon series of web shows. To say that this was a unique and scary web show is an underestimate.


This quote in many ways sums up the disaster waiting to happen:

When I first started looking at this I was like, ‘unencrypted, unauthenticated’ – these are huge red flags for a hacker.

RenderMan

The fact is this: there is a real and genuine possibility that aviation navigational protocols and systems are vulnerable to cyber attack. This subject will be discussed in greater depth at InfoWarCon, January 22nd, in Tennessee. RenderMan will be discussing and presenting the subject in depth, for more information please follow this link.

Seriously – out of all the web shows that we have done – this one really raises some serious questions, namely, why is the FAA not paying more attention to the potential (and very likely) vulnerabilities that RenderMan has exposed. Winn Schwartau, is his usual brilliance, added some key points about the threats of today’s convergence of software and hardware without taking necessary security considerations.

Watch the video [which is 27 minutes long]

Here are the questions and answers:

Max Dalziel, Concise Courses
I read that the FAA did not respond to your research, is that true and why didn’t they help? Also, I thought that Military technology (which I assume is infinitely more secure) would have migrated to the commercial space?

RenderMan
What was really funny is that the air space in Canada is controlled by NavCan and I emailed their press link for comment [regarding their aviation security] and they were saying that it was all secure and everything. I wanted a statement and what they said was that what I was talking about was not true and that they would contact me if anything I said was true. They also said that I could meet with them if I could prove otherwise.

Next thing I saw was that I had hits on my LinkedIn profile and my website and everything like that…and I never heard back. The FAA and media people like that – there is no phone number or email address where you can say, ‘hey I think I found a vulnerability, can we talk!‘ and you only get the media guys and they act like they don’t want to touch ‘that one!’ It is really hard to get [in contact] down to the person that you really need to talk to.

Winn Schwartau
Who ideally from the FAA would you like to hear from? Maybe we can get the word out a little through here.

RenderMan
They keep saying that it is a secure system, then ok, put your money where your mouth is. Give us access to a test lab or a 747 for a day! Let’s test this! At best we can be prove beyond a reasonable doubt that the system is secure, or worst we find some vulnerability and we fix it: how is that a bad thing? Instead of dismissing us, let’s put this to the test. So if anybody has a 747 I can borrow for a while, maybe to get to Aruba, let me know!

Max Dalziel, Concise Courses
I don’t see any downside at all. I think that you are a hero. They basically have to respond to this. Could you comment on the military element?

RenderMan
The military have been using ‘Identify Friend or Foe’ since the second World War and they have a system that is encrypted but you have a much smaller user-base. They also have the option of turning off that broadcast when they are flying over a war zone. That’s the fun thing, even if it encrypted you can still direction-find where a plane is coming from. So, military does have a better system but it is not something that you can roll out easily to the commercial space. And – the military generally doesn’t like giving away secrets!


Max Dalziel, Concise Courses
Is this just a USA thing? What about other parts of the world? How difficult is hacking in to these aviation systems? How big is the community?

RenderMan
Basically the community is fairly small. There are a lot of aircraft enthusiasts but there are not a huge number of people looking at it purely from a standpoint of security. When I first started looking at this I was like, ‘unencrypted, unauthenticated’ – these are huge red flags for a hacker. It is an international, worldwide standard through the IACO, and I have been focusing on the North American side of things, because that is where I am. Also, dealing with European agencies, English might not be their first language, plus they get a little weirded out when someone starts talking about the security of their system. If you are going to be arrested it might as well be from someone nearby!

It is a world wide problem and it is good to see people like Hugh Teso who was one of the guys who has done some of this work. He basically had this software finding software in his bag and he was using an Android App to control it, to read some of the other protocols that are used on a plane. Again, [we] get the same dismissive thing from the FAA, nobody giving him access to prove that it isn’t true one way or the other.

Working with him [Hugh Teso] you can see that you have the plane location, flight computer, what happens if you spoof this and send garbage data? Is there a buffer overflow in the flight management computer? I’d be interested to see what the effects are. It is a scary thing. I have a vested interested in this and I am glad that there are other people out there that are willing to fix this.

Max Dalziel, Concise Courses
And Winn, a couple of questions for you. Obviously RenderMan will be at InfoWarCon, but what do you want to get out his research from the InfoWarCon perspective?

RenderMan
I personally want to get home!

Winn Schwartau
I want to take it a little bit higher. There is a convergence of software and hardware systems. We are seeing pizza delivering drones and we are seeing all this convergence and again we are not giving thought to the embedded security from a bad guys perspective: ‘that drone looks cool, let’s go and sell a bunch of them’. What was the last great fiasco we saw? Mobility. We’ve got two billion of them out there and there is virtually no security in 99.999% of them. Security was an after thought, they were never meant to be used for what they are being used for.

In the last twenty years we tend to look at defending against what we already know instead of looking forward to what could go wrong and having earlier preparations and designs. Whenever you design something you have to look at the good and the bad. We tend to only look at the good because we are on 90 day financial cycles in our form of capitalism. The FAA is changing the rules and all we are hearing is that there are questions that have not been answered that may all be solved and be hunky dory, but then again, they may not.

In the world of security we tend to be very ‘open source’ about things. Cryptography: you can not have a cryptographic scheme that is proprietary – it has to be open sourced. You should be able to define your security environment well enough to have an understanding of the metrics surrounding it and right now I am hearing that there is a big question. If there is a big question and transportation is a critical infrastructure I think that that is something we need to be dealing with sooner rather than later.

RenderMan
I’d like to point out that I want to be wrong. I want somebody to come up and say, here’s the documents, here’s the research and everything we have done, here’s how we are defending against this, that would make me happy! I’m just he guy asking questions here. I don’t have all the answers, maybe someone out there may, I just want to be wrong which is a weird circumstance but so far I am trying to prove to myself that the system is secure but I can’t prove that it is secure so I am putting the question out there to others to say ‘help me!’

Winn Schwartau
In many ways what Render is saying is like a practical physicist. In security it is very similar because you have concepts and ideas and then you try to validate it and then invalidate it. If you go back forty years in the world of information security, that is what used to be what we did, it was called ‘mathematical formalization’ of a system from an operation and security standpoint. We have left that model entirely and an awful lot of it is PFM these days, ‘Pure Frickin’ Magic!’


Max Dalziel, Concise Courses
In your opinion should Internet even be allowed in-flight?

RenderMan
Internet on flights….I’ve been on a few flights where they had inflight WiFi and if you see me on a flight just don’t connect. I was on a flight from Seattle to San Jose so it was all Silicone Valley types and at 10,000 feet laptops were open and I was just sitting there just sniffing the air and it was way too entertaining. Internet on flights – in the grand scheme of things not a bad idea but quite honestly it is one of those things where if you have some guy yakking on a video call or something like that is going to get incredibly annoying.

Inevitably you will get some guy watching porn in the middle of the flight and all the uproar that that is going to cause, it’s like ‘you gave access to the Internet, what did you expect to happen?‘ The Internet is based upon pornography and it will happen sooner or later.

Winn Schwartau
You can have Internet on planes but shut the hell up! Whatever you want to do online, that’s your thing but I do not want voice on planes. For me it is solace and I just want to read.

In Summary
This was an awesome event and we hope that we can help to expose the fact that aviation in the USA (‘might’) be vulnerable to hackers. For more information don’t forget to visit InfoWarCon.

Let us know your thoughts! Are you scared, concerned or do you fly with complete nonchalance?

Leave a comment or reply below...thanks!