Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Technology

Hackers Can Fake Radio Signals To Hijack Aircraft Landing Systems, Warn Researchers (computing.co.uk) 63

Hackers could hijack the systems used to guide planes by compromising and spoofing the radio signals that are used during landing. From a report: That's according to a team of researchers at Northeastern University in Boston, who have detailed their research in a recently published white paper. "Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems," said the academics. "However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms." After analysing the instrument system waveforms, the researchers found that hackers can spoof such radio signals using commercially available tools. With them, attackers are able to cause last-minute go-around decisions and even make the plane miss its landing zone in low-visibility scenarios.
This discussion has been archived. No new comments can be posted.

Hackers Can Fake Radio Signals To Hijack Aircraft Landing Systems, Warn Researchers

Comments Filter:
  • Die Harder (Score:2, Funny)

    by DredJohn ( 5279737 )

    Shout out to Die Hard 2!

    • by Nidi62 ( 1525137 )

      Shout out to Die Hard 2!

      The only thing I ever took from that movie was the airport SWAT team was full of idiots. "Hey, let's all walk single file down a moving walkway when we know armed terrorists are running around!" Anyway, I choose to treat Die Hard like The Matrix: they only made 1 movie.

    • Re:Die Harder (Score:5, Insightful)

      by lgw ( 121541 ) on Thursday May 16, 2019 @11:56AM (#58603170) Journal

      Yeah, it's not exactly a new attack. I think the point was that it's easier to get the hardware now? But unless you have a lot of power, and somehow suppress the real systems, you're not going to do much beyond making the pilot ignore that system.

      Airliners all have (well, 95%+ worldwide, all in the US have) a radar-altimeter based terrain avoidance warning system. Even if we imagine an IFR landing where you can't see the runway lights well and are very dependent on instruments, and even if those integuments are way off due to hacking, and even if the pilot flying isn't really paying attention (pretty unlikely in an IFR landing), the TAWS is guaranteed to capture the pilot's complete attention.

      It's very well drilled into commercial pilots that if the TAWS starts saying "Pull up! Pull up!", you never doubt it's right. You pull up immediately to the maximum capacity of the plane to sustain a climb. What you don't do is try to figure out what's going on, at least not until after both pilots agree that the immediate danger has passed.
       

      • by Anonymous Coward

        I donâ(TM)t think amplification is the problem. Anyone can build an amplifier if they donâ(TM)t care about noise, efficiency or yet fcc. Maybe it is easier now and more in reach, but it isnâ(TM)t exactly a new attack vector.

        Maybe someone wants to sale new landing systems and needs to drum up fear?

        • by lgw ( 121541 )

          I don't think amplification is the problem.

          Depends on the system. Systems that only work very near the airport may only transmit on the order of 100W power. Those an attacker might have a shot at overriding with easily portable equipment, though it won't be phone-sized. (Of course, pilots would likely notice if information jumps radically when the plane switches to the close-in systems.)

          Systems for longer-range navigation are typically single-digit kilowatts, from what I can find goggling around. You're not going to sustain that for long with a

          • There are illegally powered mobile CB set ups that push thousands, or even 10's of thousands of watts in extreme cases.
            How they do it:, truck or car with a v-8 engine (power to spare), and multiple large aftermarket alternators added. On top of that several extra car batteries in line to smooth out the spikes.
            Obviously not man portable, but vehicle-portable, youbetcha..

            Obviously CB is on the upper end of HF, and we are talking about VHF/UHF, but that's just a question of equipment.
            The power is there if
      • It's very well drilled into commercial pilots that if the TAWS starts saying "Pull up! Pull up!", you never doubt it's right.

        Yep. Always trust your instruments and not your gut. You can be upside-down and descending while your senses insist you're right-side up and level or even climbing.

        The last words of many pilots on the black box flight recorder: "Well I think..." followed by the sounds of impact.

        • by lgw ( 121541 )

          I think a big part of the rationale is "if your mental model of where your plane is was right, you wouldn't be getting this alarm in the first place, so we already know your gut is wrong".

        • unless you're flying a Boeing 737MAX.

        • Air France 447 comes to mind...
          Basically fell ass-first from 38000 feet, stall warnings were received intermittently the whole way down...
        • You can be upside-down and descending while your senses insist you're right-side up and level or even climbing.

          If that's true, wouldn't most people who think they're rightside-up and climbing throw themselves harder at the ground when they hear the alarm?

          • If that's true, wouldn't most people who think they're rightside-up and climbing throw themselves harder at the ground when they hear the alarm?

            Yes, if they ignored their artificial horizon indicator and the altimeter winding down like crazy. If you pull up and your altitude decreases you're probably upside-down (or you don't have enough airspeed to climb and you're in a stall).

            Yes, pilots can become disoriented and not realize they're inverted. It doesn't happen often but with fog, night flying, flight through cloud cover, etc it can happen.

            In short, if your artificial horizon indicator says you're upside-down, trust it- you're almost certainly u

            • This has always bothered me, because I just don't fully understand how someone can be upside down but think they're right side up. I'm not doubting the experience, but don't other things come into play when one is upside down other than visual cues, such as the general feeling of being upside down, blood going to your head, hair changing, maybe your Pepsi is now all over the cockpit (reference to Top Gun Pepsi ad). My only thought is, being fairly ignorant about flying admittedly, is that at some point in f
              • I just don't fully understand how someone can be upside down but think they're right side up

                Take some aviation training. You'll figure it out pretty quickly.
                • Do they invert the air plane as a demonstration to trust the artificial horizon?
                  • No need to go inverted. Put on an IFR hood so you can't see the horizon, do a 30 degree climbing turn while watching airspeed and turn-and-bank. Vertigo will show up pretty quickly.
      • Isn't the TAWS teling pilots to "Pull Up" what was partially an issue on the 737 Max airliners? IIRC, they simply stalled.

        BTW, Die Harder was stupid. I mean, an airliner which has no fuel would not blow up on impact.
        • The 737 MAX problem is that the Terrain And Water Seeking system will actively push the nose down, not just warn the pilots.
      • However, the ILS system is essentially dead anyway having been replaced with ADS-B and GPS...
  • While it is practical to spoof an individual navigation system component, there is a fair amount of redundancy in the system to mitigate perturbations. Nonetheless, it certainly is true that if an entity is dedicated enough, and the circumstances are right, that bad things could happen.

  • by Anonymous Coward

    This has been feasible for decades. The only thing different is it's easier now & is mainly software+SDR rather than special RF hardware.

  • by Anonymous Coward

    This is reporting that you can replicate a radio beacon designed in 1932 with another radio beacon using those same signals. This is not new or surprising. The whitepaper is written in the most fear-inducing style they could manage. The "Low powered" attack is for airports without an ILS, why would anyone be trying to use an ILS at an airport that doesn't have one? How would the pilot get the frequency? For this to work anywhere else, you'd need a transmitter powerful enough to override the actual ILS, this

  • the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature

    Probably because you will be labelled a terrorist and possibly rendered to Gitmo for doing so.

  • by ibpooks ( 127372 ) on Thursday May 16, 2019 @12:13PM (#58603260) Homepage

    Not only do the pilots have several alternatives to identify and deal with hacked or malfunctioning ILS, you also have tower controller(s) and approach controller(s) watching radar tracks of the approaching planes. At least that's the case with the vast majority of commercial air traffic; ignoring smaller airports that aren't as well staffed, but also don't get much commercial traffic. They would pick up pretty quickly on unusual deviations from the localizer or glideslope and notfiy the pilots immediately. It wouldn't take much for them to realize something weird was going on with the ILS, switch to an alternative and notify the appropriate airport authorities to investigate/repair the ILS malfunction.

  • ... by the existing error detection equipment?

    An ILS approach at a major airport has multiple monitors to verify that the signal is correctly aligned with the runway, and alarms would tell ATC if there was a need to use less-precise approaches. Modern commercial aircraft (and even some general aviation aircraft) double-check guidance from multiple sources in their flight management systems.

    While it isn't that difficult to spoof one signal at one location, you'd have to spoof a lot of signals to get the effect an aircraft flown by a crew trained to be on the look-out for navigation problems.

  • for critical flight systems, and use 1553 instead.

    • AKA "the meatball" [youtube.com]. The optics are aligned so where you see the light depends on whether you're above or below the optimal glide slope [wikipedia.org]. This creates the optical illusion of a single ball indicating if you're coming in too high or too low. (You can watch the full video to learn how it works. Hooray for 1960s training videos.)

      It's only used on aircraft carriers because it's obscured by bad weather like fog. Radio glide slope indicators work in all weather. Carriers generally don't want to give away th
  • It is easier to find hostile radios than computer malware. There are even non-profit groups practicing for it. See "ARRL" and "ARDF". 8-)

  • You may be able to spoof say an ILS glide slope, or a localizer, maybe even both, but it won't be enough.. The only time this could possibly be a problem is under IFR conditions. If it's VFR, pilots will see and avoid issues themselves regardless of what their navigation aids or ATC is telling them. However IFR isn't a problem, here are the reasons...

    IFR flying is a series of checks and cross checks. Flying a full ILS approach involves a couple of checks and cross checks that literally guarantee that yo

It is better to live rich than to die rich. -- Samuel Johnson

Working...