Hackers Can Fake Radio Signals To Hijack Aircraft Landing Systems, Warn Researchers (computing.co.uk) 63
Hackers could hijack the systems used to guide planes by compromising and spoofing the radio signals that are used during landing. From a report: That's according to a team of researchers at Northeastern University in Boston, who have detailed their research in a recently published white paper. "Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems," said the academics. "However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms." After analysing the instrument system waveforms, the researchers found that hackers can spoof such radio signals using commercially available tools. With them, attackers are able to cause last-minute go-around decisions and even make the plane miss its landing zone in low-visibility scenarios.
Die Harder (Score:2, Funny)
Shout out to Die Hard 2!
Re: (Score:2)
Shout out to Die Hard 2!
The only thing I ever took from that movie was the airport SWAT team was full of idiots. "Hey, let's all walk single file down a moving walkway when we know armed terrorists are running around!" Anyway, I choose to treat Die Hard like The Matrix: they only made 1 movie.
Re:Die Harder (Score:5, Insightful)
Yeah, it's not exactly a new attack. I think the point was that it's easier to get the hardware now? But unless you have a lot of power, and somehow suppress the real systems, you're not going to do much beyond making the pilot ignore that system.
Airliners all have (well, 95%+ worldwide, all in the US have) a radar-altimeter based terrain avoidance warning system. Even if we imagine an IFR landing where you can't see the runway lights well and are very dependent on instruments, and even if those integuments are way off due to hacking, and even if the pilot flying isn't really paying attention (pretty unlikely in an IFR landing), the TAWS is guaranteed to capture the pilot's complete attention.
It's very well drilled into commercial pilots that if the TAWS starts saying "Pull up! Pull up!", you never doubt it's right. You pull up immediately to the maximum capacity of the plane to sustain a climb. What you don't do is try to figure out what's going on, at least not until after both pilots agree that the immediate danger has passed.
Re: Die Harder (Score:1)
I donâ(TM)t think amplification is the problem. Anyone can build an amplifier if they donâ(TM)t care about noise, efficiency or yet fcc. Maybe it is easier now and more in reach, but it isnâ(TM)t exactly a new attack vector.
Maybe someone wants to sale new landing systems and needs to drum up fear?
Re: (Score:3)
I don't think amplification is the problem.
Depends on the system. Systems that only work very near the airport may only transmit on the order of 100W power. Those an attacker might have a shot at overriding with easily portable equipment, though it won't be phone-sized. (Of course, pilots would likely notice if information jumps radically when the plane switches to the close-in systems.)
Systems for longer-range navigation are typically single-digit kilowatts, from what I can find goggling around. You're not going to sustain that for long with a
Re: (Score:2)
How they do it:, truck or car with a v-8 engine (power to spare), and multiple large aftermarket alternators added. On top of that several extra car batteries in line to smooth out the spikes.
Obviously not man portable, but vehicle-portable, youbetcha..
Obviously CB is on the upper end of HF, and we are talking about VHF/UHF, but that's just a question of equipment.
The power is there if
Re: (Score:2)
Ah, so the movie plot would be a Fast and Furious sequel. Nice!
Re: (Score:2)
Why are they so allergic to PKI though? Any system designed in the last couple of decades should be authenticated, yet they aren't.
Re: (Score:2)
Re: (Score:2)
It's very well drilled into commercial pilots that if the TAWS starts saying "Pull up! Pull up!", you never doubt it's right.
Yep. Always trust your instruments and not your gut. You can be upside-down and descending while your senses insist you're right-side up and level or even climbing.
The last words of many pilots on the black box flight recorder: "Well I think..." followed by the sounds of impact.
Re: (Score:2)
I think a big part of the rationale is "if your mental model of where your plane is was right, you wouldn't be getting this alarm in the first place, so we already know your gut is wrong".
Re: (Score:2)
unless you're flying a Boeing 737MAX.
Re: (Score:2)
Basically fell ass-first from 38000 feet, stall warnings were received intermittently the whole way down...
Re: (Score:2)
If that's true, wouldn't most people who think they're rightside-up and climbing throw themselves harder at the ground when they hear the alarm?
Re: (Score:2)
If that's true, wouldn't most people who think they're rightside-up and climbing throw themselves harder at the ground when they hear the alarm?
Yes, if they ignored their artificial horizon indicator and the altimeter winding down like crazy. If you pull up and your altitude decreases you're probably upside-down (or you don't have enough airspeed to climb and you're in a stall).
Yes, pilots can become disoriented and not realize they're inverted. It doesn't happen often but with fog, night flying, flight through cloud cover, etc it can happen.
In short, if your artificial horizon indicator says you're upside-down, trust it- you're almost certainly u
Re: (Score:2)
Re: (Score:2)
Take some aviation training. You'll figure it out pretty quickly.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
BTW, Die Harder was stupid. I mean, an airliner which has no fuel would not blow up on impact.
Re: (Score:1)
ILS jamming (Score:1)
Multiple layers of information for flight control (Score:2)
While it is practical to spoof an individual navigation system component, there is a fair amount of redundancy in the system to mitigate perturbations. Nonetheless, it certainly is true that if an entity is dedicated enough, and the circumstances are right, that bad things could happen.
Re:This probably already happened... (Score:4, Interesting)
In 2010 a Polish Air Force TU-154 crashed short of the runway, killing the President of Poland and everyone else aboard.
Oh, you mean the one where the plane crashed in heavy fog, in trees that were too high per Russian aviation standards, had substandard ATC practices, and incorrect and substandard training in the unit responsible for crewing the aircraft? Yeah, totally an assassination.
Re:This probably already happened... (Score:5, Funny)
They were playing the long game with these trees.
Re: (Score:2)
They were playing the long game with these trees.
Mod Points Please!
So what's new? (Score:1)
This has been feasible for decades. The only thing different is it's easier now & is mainly software+SDR rather than special RF hardware.
This is not news (Score:1)
This is reporting that you can replicate a radio beacon designed in 1932 with another radio beacon using those same signals. This is not new or surprising. The whitepaper is written in the most fear-inducing style they could manage. The "Low powered" attack is for airports without an ILS, why would anyone be trying to use an ILS at an airport that doesn't have one? How would the pilot get the frequency? For this to work anywhere else, you'd need a transmitter powerful enough to override the actual ILS, this
Security through obscurity (Score:2)
the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature
Probably because you will be labelled a terrorist and possibly rendered to Gitmo for doing so.
Lots of people watching for trouble (Score:4, Interesting)
Not only do the pilots have several alternatives to identify and deal with hacked or malfunctioning ILS, you also have tower controller(s) and approach controller(s) watching radar tracks of the approaching planes. At least that's the case with the vast majority of commercial air traffic; ignoring smaller airports that aren't as well staffed, but also don't get much commercial traffic. They would pick up pretty quickly on unusual deviations from the localizer or glideslope and notfiy the pilots immediately. It wouldn't take much for them to realize something weird was going on with the ILS, switch to an alternative and notify the appropriate airport authorities to investigate/repair the ILS malfunction.
Re: (Score:1)
Except that in IMC the use of radio guidance systems is not only necessary, but also required. If you can't see the runway, you can't see the runway.
Re: (Score:2)
True, but if you still can't see the runway at minimums (usually 200 feet above ground) you must climb and go-around, no matter what the ILS indicates.
For something like a category III approach in extremely bad weather, you still must have visual contact at minimums of ~50 feet, but it is extremely unlikely you'll make it that close to the ground on a faulty ILS. Category III approaches require dual autopilots operating in sync on a stable approach. Any unplanned variations in the signal would trigger an
Some pilots never look out the window (Score:2)
Remember the Asiana crash in SFO. Clear weather, ILS inoperative, bad setting on the autothrottle, and they flew into the ground, nearly killed eveyone.
If pilots of that calibre had a forged ILS input they would follow it into the ground without seeing a thing.
You mean spoofing that wouldn't be detected... (Score:4)
... by the existing error detection equipment?
An ILS approach at a major airport has multiple monitors to verify that the signal is correctly aligned with the runway, and alarms would tell ATC if there was a need to use less-precise approaches. Modern commercial aircraft (and even some general aviation aircraft) double-check guidance from multiple sources in their flight management systems.
While it isn't that difficult to spoof one signal at one location, you'd have to spoof a lot of signals to get the effect an aircraft flown by a crew trained to be on the look-out for navigation problems.
Re: (Score:2)
This is why you shouldn't use wireless... (Score:1)
for critical flight systems, and use 1553 instead.
There actually is an optical landing system (Score:2)
It's only used on aircraft carriers because it's obscured by bad weather like fog. Radio glide slope indicators work in all weather. Carriers generally don't want to give away th
Re: (Score:2)
Apparently, I misread TFA, and was wrong. For some reason, I thought it was internal avionics comms they were talking about.
Easier to find them. (Score:2)
It is easier to find hostile radios than computer malware. There are even non-profit groups practicing for it. See "ARRL" and "ARDF". 8-)
NOPE.. I'm not worried... (Score:2)
You may be able to spoof say an ILS glide slope, or a localizer, maybe even both, but it won't be enough.. The only time this could possibly be a problem is under IFR conditions. If it's VFR, pilots will see and avoid issues themselves regardless of what their navigation aids or ATC is telling them. However IFR isn't a problem, here are the reasons...
IFR flying is a series of checks and cross checks. Flying a full ILS approach involves a couple of checks and cross checks that literally guarantee that yo