Could The New Air Traffic Control System Be Hacked?

Aug 14, 2012
Originally published on August 16, 2012 1:07 pm

The Federal Aviation Administration is in the midst of a multibillion-dollar upgrade of the nation's air traffic control system. The new system is called the Next Generation Air Transportation System, or NextGen. It will be highly automated. It will rely on GPS instead of radar to locate planes, and it is designed to allow air traffic controllers and pilots to pack more planes, helicopters and eventually drones into our skies.

But a number of computer security experts are concerned that the cornerstone of NextGen is insecure and vulnerable to hackers.

The current air traffic control system relies on radar.

Last week, I went flying with Mike Eynon, a private pilot and computer security expert. His plane is not equipped with the NextGen system, so we were on radar the entire time. Air traffic control pinged Eynon's plane, and a transponder built into his plane answered back — telling controllers where he was and who he was.

This call-and-response system has been in place for decades. But it's slow and not as accurate as GPS. Also, radar ground stations take up a lot of space and are expensive to maintain; and pilots can turn their transponders off.

The old system is getting overwhelmed.

In fact, when Eynon and I went up, the skies were so crowded over San Francisco that we weren't allowed into the airspace; instead, we headed west over the Santa Cruz Mountains. It's problems like this that NextGen was built to solve.

'Chaos In The System'

The cornerstone of this new system is automatic dependent surveillance-broadcast or ADS-B. Basically, planes will be equipped with GPS and will constantly send out little radio broadcasts announcing to the world who they are and where they are. (NextGen is being phased in over the next eight years. By 2020, planes will be required to use ADS-B to enter the more crowded areas of U.S. airspace.)

And recently, ADS-B has caught the attention of hackers.

"All this research was to try to prove to myself that air travel was still safe," says Brad Haines. "I basically failed at that." Haines is a slightly built Canadian computer consultant with multicolored hair. Online, everyone knows him as RenderMan. Haines is basically a hacker. He likes to take things apart and figure out how they work.

It turns out that ADS-B signals look a lot like little bits of computer code. But unlike traffic on the Internet, these signals are unencrypted and unauthenticated. And for computer security geeks like Haines, these are huge red flags. He soon realized he could spoof these signals and create fake "ghost planes" in the sky.

"The threats can be things like, if I can inject 50 extra flights onto an air traffic controller's screen, they are not going to know what is going on," he says.

Now, this hack won't make planes fall out of the air, but it could be dangerous. A fake plane could cause a real pilot to swerve — or a series of ghost planes could shut down an airport.

"If you could introduce enough chaos into the system — for even an hour — that hour will ripple though the entire world's air traffic control," Haines says.

Haines and a partner, Nick Foster, were not only able to create a radio capable of broadcasting spoofed signals, they were also able to hook a radio to a free online flight simulator game called Flight Gear. They used the game to create a ghost plane — a plane that would appear to be real to air traffic controllers using ADS-B — and then they buzzed San Francisco International Airport.

Here's a video that shows real air traffic as it mixes with a fake signal.

Haines and Foster didn't actually broadcast this signal — but all they would have needed to do in order to do that would have been to add an antenna and amplifier to their radio, and turn it on.

At a hacker conference in Las Vegas, Haines gave a talk spelling out exactly how to do it. (See his presentation slides.)

'A Collision Course With History'

More than 4,500 miles away in France, Andrei Costin, a Romanian grad student, realized the same thing. Working independently, Costin built a little software-defined radio hooked to a computer that created fake ADS-B signals in a lab. (Read Costin's white paper.)

His setup cost less than $2,000. Building and deploying ADS-B across America has cost considerably more. "This technology by now cost $1.1 billion," Costin said.

And it's not just Romanian grad students and Canadian hackers who have expressed concerns about the security of the next generation of air traffic control.

Last year, Air Force Maj. Donald L. McCallie, studying cyberwarfare at the Air Force Institute of Technology, wrote about the same kinds of attacks, and concluded that this system may put us "on a collision course with history."

Until now, the FAA has been reluctant to respond. It hasn't released data from its own security test, and the agency's initial response both to the Air Force paper and the more recent hacks has been muted.

Initially, the agency released a one-paragraph statement that said in part: "An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and are not publicly available."

Pilot Mike Eynon says the FAA "seems to almost be taking the stance of security through obscurity, which only works for a short period of time."

Eynon is not only a pilot; he knows something about security. He's the co-founder of Silver Tail Systems, a computer security firm that's been backed by the CIA.

"I always am a firm believer in making the system transparent and having others actually help you make the system more secure by understanding it," Eynon says.

In the past week, the FAA has become a bit more forthcoming. Officials there say as the NextGen system has been phased in, it has never recorded a spoofed or ghost plane in the sky over the U.S. And they say that even if a hacker did create a ghost plane, there are systems in place that would automatically catch it and weed out the fake signal before it could confuse air traffic controllers or pilots.

The FAA is building a network of more than 700 ADS-B receivers spread across the country. Although eventually the agency plans to decommission hundreds of radars, hundreds more will remain in place.

Weeding Out The Fakes

FAA officials told NPR that NextGen will validate ADS-B signals in three ways.

First, the system will use existing radars to check to make sure that ADS-B signals are real.

Second, it will automatically check to make sure that correct ADS-B receivers are picking up ADS-B messages. So, for example, if someone created a spoofed or ghost plane flying in Montana but sent the signal to an ADS-B receiver in California, the NextGen system would automatically recognize that signal as fake and weed it out before air traffic controllers could see it.

Finally, the system will use physics to try to pinpoint exactly where every ADS-B signal is sent from. It will track when each ADS-B message is received by each ADS-B station, then use the slight time differences to nail down where the signal originated. This technique is called multilateration. But for it to work, there must be multiple listening stations receiving every ADS-B signal.

"If the FAA is really using multilateration, that's a great sign," says Haines' partner, Nick Foster. "But I still wonder if it would be possible to fool the system on the edges. I think the FAA should open it up and let us test it."

Other researchers like Capt. Domenic Magazu at the Air Force Institute of Technology agree. Magazu is concerned that these techniques might not help pilots spot fake ADS-B signals quickly.

A paper by Magazu on this topic will appear this fall in the Journal of Aviation and Aerospace Perspectives.

And researchers from Brad "RenderMan" Haines to Air Force Maj. Donald McCallie have all asked the FAA to be more transparent about how it's testing a multibillion-dollar system the public will soon rely on to keep it safe in the air.

Copyright 2012 National Public Radio. To see more, visit http://www.npr.org/.

Transcript

AUDIE CORNISH, HOST:

From NPR News, this is ALL THINGS CONSIDERED. I'm Audie Cornish.

MELISSA BLOCK, HOST:

And I'm Melissa Block.

The Federal Aviation Administration is in the midst of a multibillion-dollar upgrade of the air traffic control system. The new system will be highly automated, relying on GPS instead of radar to locate planes, and it's designed to allow air traffic controllers and pilots to pack more planes, helicopters and eventually drones into the skies.

But as NPR's Steve Henn reports, some computer security experts are concerned that the new system is vulnerable to hackers.

STEVE HENN, BYLINE: So I'm standing here on the tarmac of the San Carlos Airport, and I see one, two, three, four planes all in the air.

(SOUNDBITE OF A PLANE)

HENN: This airport is in the heart of Silicon Valley. It's just south of Oracle's headquarters. Oracle's founder, billionaire Larry Ellison, keeps a fleet of jets here. And the skies over the field are packed. We are just south of San Francisco's international airport. There are six airports within 30 miles.

UNIDENTIFIED MAN: Clear.

MIKE EYNON: We'll take off out here. We'll fly up over San Francisco toward Petaluma.

HENN: Mike Eynon is a private pilot and a computer security expert.

EYNON: We'll be with air traffic control the entire way so that we'll be on their scopes, registered with a unique transponder code.

HENN: The current air traffic control system relies on radar. When we're up, air traffic control pings Mike's plane and a transponder built into his plane answers back, telling controllers where he is and who he is. This call and response system has been in place for decades, but it's slow. It's not as accurate as GPS. Radar ground stations take up a lot of space and are expensive to maintain, and pilots can turn their transponders off.

The old system's getting overwhelmed. In fact, when Mike and I go flying, the skies over San Francisco are so crowded we aren't allowed into the air space. So instead, we head west over the Santa Cruz Mountains.

EYNON: Great view from up here. We can see the Pacific to San Francisco.

HENN: Because of problems like congestion, the FAA is replacing radar with a new system called NextGen which will be phased in over the next eight years. The corner stone of that system is something called ADS-B. That stands for Automatic Dependent Surveillance-Broadcast.

Basically, planes will be equipped with GPS and will constantly send out little radio broadcasts announcing who they are and where they are to the world. And recently, ADS-B has caught the attention of hackers.

BRAD HAINES: All this research was to try to prove to myself that air travel is still safe. I basically failed at that.

HENN: Brad Haines is a slightly built Canadian computer consultant with multicolored hair. Online, everyone knows him as RenderMan. He's basically a hacker. And it turns out ADS-B signals look a lot like little bits of computer code. But unlike traffic on the internet, these signals are unencrypted and unauthenticated. And for computer security geeks like RenderMan, these are huge red flags. He realized he could spoof these signals and create fake ghost planes in the sky.

HAINES: The threats can be things, like, if I can inject 50 extra flights onto an air traffic controller's screen, they're not going to know what's going on.

HENN: Now, this hack won't make planes fall out of the air but...

HAINES: If you could introduce enough chaos into the system for even an hour, you know, that hour will ripple through the entire world's air traffic control.

HENN: Now, RenderMan didn't actually do this, but he demonstrated publically that he could. And last month, at a hacker conference in Vegas, he gave a talk spelling out exactly how to do it. More than 4,500 miles away in France, Andrei Costin, a Romanian grad student, realized the same thing. Working independently, he built a little radio hooked to a computer that created fake ADS-B signals in a lab.

ANDREI COSTIN: This technology by now cost U.S. 1.1 billion U.S. dollars.

HENN: Costin says he spent less than $2,000 to break open a billion-dollar system. And it's not just Romanian grad students and Canadian hackers who've expressed concern about the security of the next generation of air traffic control. Last year, Air Force major Donald McCallie, studying cyber warfare at the Air Force Institute of Technology, wrote about these same kinds of attacks and concluded the system was, quote, "on a collision course with history," end quote.

But until now, the FAA has been reluctant to respond. They haven't released data from their own security testing, and the agency's initial response, both to the Air Force paper and the more recent hacks, has been muted.

EYNON: The FAA seems to almost be taking the stance of security through obscurity, which only works for a short period of time.

Pilot Mike Eynon knows something about security. He's co-founder of Silver Tail Systems, a computer security firm that's been backed by the CIA.

I always am a firm believer in making the system transparent and having others actually help you make the system more secure by understanding it.

HENN: But in the past week, the FAA has become a bit more forthcoming. Officials there say as NextGen's been phased in, it's never recorded a spoofed or ghost plane in the sky over the U.S. And they say even if a hacker did create a ghost plane, there are systems in place that would automatically catch it and weed out the fake signal before it could confuse air traffic controllers or pilots.

Still, researchers, from RenderMan to Air Force major Donald McCallie, would like the agency to be more transparent about how its testing this multibillion-dollar system the public will soon rely on to keep it safe. Steve Henn, NPR News, Silicon Valley. Transcript provided by NPR, Copyright National Public Radio.