Air Traffic Controllers Pick the Wrong Week to Quit Using Radar

by Kim Zetter
Wired.com
July 26, 2012

LAS VEGAS — It’s a Twilight Zone episode waiting to happen. A commercial pilot at 30,000 feet gets sudden instructions from air traffic control on the ground that another plane is headed his way.

The pilot diverts as directed but then controllers tell him a third plane is now in his path, and then a fourth and fifth. Yet when the pilot looks out his window, he sees nothing in the sky.

This is the kind of spoofing attack that could become possible, according to security researcher Andrei Costin, who spoke at the Black Hat security conference on Wednesday about serious vulnerabilities in a new air traffic control system that is currently being deployed in the U.S. and elsewhere.

The system, known as Automated Dependent Surveillance-Broadcast, or ADS-B, uses radio frequencies for communication between one plane and another and between planes and the ground. It’s already widely used in Australia, where planes are required to be ADS-B compliant by 2013, and is expected to replace radar for air traffic control of commercial planes by 2020.

But according to Costin, a doctoral candidate at Eurecom, a graduate school and research institute in France, ADS-B is marred by serious security vulnerabilities that would make it possible for someone to spoof a plane and inject false messages into the system, leading air traffic controllers to “see” planes where none exist.

[CLICK HERE TO READ THE FULL ARTICLE]