Are The Skies Safe? Black Hat Speaker Says No


Printer-friendly version Email this CRN article

The world is in the process of migrating to a new technology to support air traffic control. The good news is that it's less expensive and enables planes to be more densely packed into crowded skies.

The bad news is that anyone with a few hundred dollars could hack the system, independent security researcher Andrei Costin said in a presentation Wednesday at the Black Hat conference in Las Vegas.

Such a hack could potentially unleash the aviation equivalent of a DDoS attack by adding an unlimited number of non-existent planes onto the grid until the system is brought to its knees or until it overloads human controllers.

Costin said the new technology is known as Automated Dependent Surveillance-Broadcast (ADS-B).

He also outlined a number of other potential exploits and errors that could have similar consequences. "The system would be vulnerable to pilots with bad intentions, pranksters, abusive users, criminals, terrorists, and even military actions," explained Costin, "but it's also true that the military has some ways to mitigate the effects that are not available to commercial or civil aviation.

[Related: 7 Security Threats Circling Your Network]

Costin also claims that ADS-B is also vulnerable to privacy issues if individuals were to use any number of databases that identify the owners of private aircraft. "I could envision paparazzi using these types of tactics as a means of tracking down celebrities, but the far more important issues with this system involve security. This system lacks even minimal security measures that pose a direct threat to public safety."

The researcher claims the system was put into place in the U.S. at a cost of more than $1 billion, and is now in the process of becoming operational. Costin believes that while some of the issues could be resolved through encryption, such a strategy would utilize far more bandwidth which, in effect, would reduce its effectiveness.

"This is some real scary stuff," said Erik Hampshire, a North Carolina-based network security engineer who attended the presentation. "I'll keep it in perspective, but this information will certainly be on my mind when I fly home."

A spokesman from ADS-B could not be reached for comment.

Black Hat continues on Thursday with a number of presentations on various technology vulnerabilities, as well as a look at the legal aspects of cyberspace.

PUBLISHED JULY 26

Printer-friendly version Email this CRN article