
FAA Denies Vulnerabilities In New Air Traffic Control System

bingbong writes "The FAA's NextGen Air Traffic Control (ATC) modernization plan is at risk of serious security breaches, according to Brad Haines (aka RenderMan). Haines outlined his concerns during a presentation (PDF) he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS-B signals are unauthenticated and unencrypted, and 'spoofing' (video) or inserting a fake aircraft into the ADS-B system is easy. The FAA isn't worried because the system has been certified and accredited."

  • Bad FAA! (Score:5, Insightful)

    by Jerslan ( 1088525 ) * on Wednesday August 22, 2012 @05:23PM (#41086897)
    [rolls up newspaper]
    [smacks FAA on the nose with rolled newspaper]
    Bad! Bad FAA! We encrypt and authenticate our CRITICAL systems!
    [smacks FAA on the nose with rolled newspaper]
  • by jandrese ( 485 ) <kensama@vt.edu> on Wednesday August 22, 2012 @05:33PM (#41087025) Homepage Journal
    Did the vendors who made the systems do the certification? Was security one of the criteria on the accreditation process? I would assume some form of security was on there, but do the people who know stuff about security (like the NSA) approve it?

    NextGen has been a huge boondoggle up to this point, and I wouldn't be surprised at all if an insecure system crept through the approval process because all of the alternatives kept failing. Encrypting the traffic would not be trivial either, because you have issues with key management and the fact that anybody can buy transponders and reverse engineer keys out of them. This equipment ultimately has to be available to every Tom, Dick, and Harry small aircraft pilot to be useful, and it's impossible to vet all of them. Even if you did, light aircraft aren't secure storage facilities, and it only takes one theft to render a naive system broken.
  • I'm confused (Score:5, Insightful)

    by wcrowe ( 94389 ) on Wednesday August 22, 2012 @05:39PM (#41087087)

    So, let me get this straight. We have to grope old women wearing diapers and four-year-olds for safety reasons, but there is no need to worry about the software because it is "certified"?

  • Re:I'm confused (Score:5, Insightful)

    by ark1 ( 873448 ) on Wednesday August 22, 2012 @06:20PM (#41087609)
    It's all about security theatre. Airport passenger screening is set up in a way to reduce fear within the general population instead of actual risks. Improving software security will not enhance the feeling of security in your average citizen.
  • Re:I'm so glad (Score:4, Insightful)

    by pixelpusher220 ( 529617 ) on Wednesday August 22, 2012 @06:20PM (#41087615)
    How do you get the public to not care about the TSA?

    Make an Air Traffic Control system so vulnerable nobody will want to fly...
  • by Bistromat ( 209985 ) on Wednesday August 22, 2012 @08:29PM (#41089081)

    I'm one of the authors.

    Unfortunately, transmitting live spoofed data into the real ATC system is Guantanamo fodder, and I'm trying to avoid becoming a domestic terrorist if at all possible.

    That said, this wasn't merely a simulation: real ADS-B frames were transmitted by a low-cost SDR (into a dummy load) based on the position of a simulated aircraft flying in FlightGear. Those transmitted frames were received by the same SDR (alongside real frames from real aircraft), and the resulting tracks plotted in Google Earth.

    See my comment here: http://tech.slashdot.org/comments.pl?sid=3065807&cid=41088873 [slashdot.org] for more information.

  • by Zero__Kelvin ( 151819 ) on Wednesday August 22, 2012 @10:35PM (#41089977) Homepage
    No. He didn't bring some sense into the conversation. The people who brought sense into the conversation asked the question "what kind of idiot designs the system to make injection possible in the first place?" Computing History, as short as it is, is chock full of people who said "it is not a problem" because they couldn't imagine how it would be a problem, and then someone else came along and showed them the hard way. You're playing with people's lives. Not encrypting the connections in 2012 is tantamount to gross negligence. Period.
