FAA Denies Vulnerabilities In New Air Traffic Control System

bingbong writes "The FAA's NextGen Air Traffic Control (ATC) modernization plan is at risk of serious security breaches, according to Brad Haines (aka RenderMan). Haines outlined his concerns during a presentation (PDF) he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS-B signals are unauthenticated and unencrypted, and 'spoofing' (video) or inserting a fake aircraft into the ADS-B system is easy. The FAA isn't worried because the system has been certified and accredited."

Doesn't know much about the system

[vlm]

explaining that ADS-B signals are unauthenticated and unencrypted, and 'spoofing' (video) or inserting a fake aircraft into the ADS-B system is easy.

He doesn't know much about the system. OK. go ahead... try to break it.... what'll happen? Nothing.

Spraying junk into the system is irrelevant. Being unauth and unencrypted its simpler and cheaper just to build a raw RF jammer than to feed in formatted junk reports. That works really well until the .mil shows up to train their jamming countermeasures equipment against your jammer. Whoops. DF work isn't all that complicated and the higher the frequency the easier it is. Radar jamming has been an option for what, 70 years now, and nothing really ever comes of it? ATC/pilots already have procedures to survive radar outages. Happens all the time. Send a nice thunderstorm thru, send in the backhoes (lots of remote radar units connected by fiber). So jamming/spamming/forcing it out of service is useless. Nothing an attacker can send will break anything.

I know about the ADS-B data structure. This stuff is small and simple. We're not talking about radar and jetliner sending sandboxed java applets to each other, its incredibly simpler than that. Its like declaring you can hack buffer overflows over a morse code telegraph. There's not enough "stuff" in the protocol to be turing complete.

The attack vector is incredibly narrow. I know a lot more about piloting and radar RF and microcontrollers, and frankly pretty much everything in the system compared to this guy and I can't figure out how to actually bust it.

Look at the guy's presentation. notes as I scan thru the slides. 1) He's cooler than you, crendentialism means he's correct (LOL) 2) he drinks vodka, very impressive proof 3) he admits he knows nothing about ATC and radar 4) He doesn't know much about RF or comms (pulse per second modulated, wtf is this star trek technobabble) 5) Other people are looking and no one has come up with anything 6) his threats are not serious and/or not realistic and/or already exist 7) I love this quote "some threats are total unknowns" yeah I think thats an excellent summary of the ADS-B "security hole". 8) the pretend made up scandal about the FAA not releasing "sensitive security information" is about skin painting radar coverage for smuggler detection, thats why they claim it has no impact on passenger aircraft... its not all space alien coverup unless your passenger craft is 50 feet off the ocean and full of coke I think you're OK. 9) "Not trying to spew FUD" LOL ok dude I hope the audience laughed at that. 10 ) Dude calls a homemade SDR RX an "exploit" LOL 11) he hopes they don't unplug primary radar... well duh how would they catch smugglers if all they had to do was flick a circuit breaker to disappear...

Look I know the guys not an idiot in general. But this is the kind of thing that happens when someone who doesn't know anything about any individual components of a big system, or anything about the big system itself, gets all FUDdy and self promotional. If you don't know anything about the terrain you're fighting in or the tools you have, you'll lose, no matter how smart you are.

TLDR is don't worry its not an issue. FUD FUD FUD self promotion thats all.

Re:The FAA , another broken government organizatio

[Lightn]

Are you familiar with the discussion around Full disclosure [wikipedia.org]? There are good reasons to publicly release vulnerabilities and if people were made legally liable for doing that, it would probably decrease our security in the long run. Assuming the information Renderman released points to an actual vulnerability, the FAA response shows the exact reason why full disclosure is necessary.

Re:The FAA , another broken government organizatio

[bleh-of-the-huns]

This is totally incorrect.

Flaws and vulnerabilities discovered during the C&A process result in POA&Ms (Plan of Action and milestones) for each flaw and vulnerability. Each of those POA&Ms is tracked, and there is timeframe that the issue must be resolved, depending on the severity. Once flaw remediation is complete, the POA&M is closed.

No recertification required. The only time recertification is required is when a certain percentage of the system is changed, not updated or fixed.

Many errors in the presentation:

[DL117]

I just read the presentation. It seems like this guy knows just enough to scare himself and others.

Mistakes:

Page 13: The 'ID Number'(SSR/'squawk code') is automatically attached, it is not manual, nor is 'a great deal of work required'.
Page 14: Pilots DO get traffic data from the current ATC system. Traffic detection systems on airplanes intercept the transponder replies, and use that to detect the location of other air traffic. Larger aircraft have systems that actually communicate each other to avoid collisions in emergencies. Those systems are called PCAS, and TCAS respectively.
Page 14:Standard separation of aircraft is 3-10 miles and 1000 feet. Not 80 miles. That's just stunningly wrong.
Page 15:Airplanes will ALWAYS need to avoid thunderstorms and volcanoes, radar or no radar.
Page 16:Not too many errors here, but planes ALREADY can be closer than 5 miles.

Page 23(the "scary stuff"): Yes, he(and you) can observe the air traffic. So what? It's not secret, hasn't ever been secret, and doesn't need to be secret. You don't need ADS-B to know that airplanes congregate around airports. This function is largely intentional, and nothing worse than a tool for enthusiasts. Critical thinking will tell you that it's not information that needs to be kept secret(flghtaware.com's FAQ explains this concept very well)

So, the only real point on page 23 is the lac kof authentication. Which isn't much of an issue because it will be validated with radar. And, over the ocean, where there isn't radar, you probably won't have morons in boats spoofing signals.

Page 27: None of these threats are actually dangerous. It's already public. Most flightplans are available online(flightaware.com), and you can see most airplanes in the sky. They take predictable routes around airports. It's not dangerous.

Page 28: Most of these are valid concerns, but the opportunity to train the system isn't their. Fake flights will quickly be noticed. How? "Hey, none of these planes are landing. And it's tail number doesn't exist".

Page 30: Autopilots DO NOT automatically avoid collisions, a warning signals the pilots to take action, essentially for this exact reason. Autopilots ONLY do things they have been explicitly told by the PILOT and no one else, including ATC.

Page 30:Many large aircraft DO have radar onboard for traffic. It's called TCAS.

Page 31: GPS jamming not new.

Page 32: Not new. GPS spoofing isn't new, but is VERY rare.

Points I'd like to highlight:

1. ADS-B does not need to be private, and is not intended to be private. All of the concerns regarding lack of privacy here are invalid.
2. Autopilots only take commands from the pilot(s) inside the cockpit. No one else.
3.Only valid remaining concerns are signal spoofing.
4.They have planned for this, and are clearly working on countermeasures.

Just because the government lies and makes mistakes often, doesn't mean they do it always.

Source:Aviation enthusiast, student pilot, many, many public documents.