Exploring Potential ADS-B Vulnerabilities in the FAA’s NextGen Air Transportation System

Amazon Price: $49.00 (as of July 12, 2020 19:05 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

The Federal Aviation Administration's (FAA) Next Generation upgrade proposes a fundamental transformation to thenational airspace system (NAS) that aims to reduce dependence on outdated radar infrastructure, increase airline safetyand condense required aircraft spatial separation. A key component of the upgrade is the Automatic DependentSurveillance-Broadcast (ADS-B) system. ADS-B provides continual broadcast of aircraft position, identity, velocityand other information over unencrypted data links to generate a precise air picture for air traffic management. Officialdocuments claim operational requirements necessitate unencrypted data links while maintaining that there is a lowlikelihood for malicious exploitation. This paper studies the security vulnerabilities associated with the ADS-Bimplementation plan and develops a taxonomy to classify attacks and examine potential impacts the attacks have onoverall NAS operations. The taxonomy helps provide a comprehensive understanding of the threats associated withADS-B implementation and facilitates risk analysis and risk management.

Air Cyber Power and ADS-B Vulnerabilities

Dynamic Radar Map from Flightradar24.com

Exploring Potential ADS-B Vulnerabilities in The FAA NEXTGEN Air Transportation System
The Fog of a “Cyber” War

“It is late fall 2025; Al Qaeda sleeper cells target the disruption of airline traffic into multiple East coast airports during the busy travel season from Thanksgiving through Christmas.
ADS-B IN/OUT has been fully implemented by the FAA; all commercial airlines have invested heavily to comply with the mandate. Oil prices are at an all time high and flights are carrying minimal fuel loads to save money and offset the cost of avionics.

The goal: force multiple airplanes to divert; pilots, FAA controllers and passengers to lose faith in the system; and possibly cause enough chaos to the NAS system that a few lives are lost.

The plan: exploit the U.S. dependency on ADS-B IN/OUT and GPS for arrivals into busy airports, especially during low visibility conditions.

The teams: five two man teams have been put into play for the mission. They are provided with all the commercially available technology they will need, along with a few modified laptop computers, antennas and transmitters.

The targets: Regan National, Dulles, La Guardia, JFK and Philadelphia International airports. The terrorists have been tasked to park minivans with computers containing modified software that are coupled to ADS-B OUT transmitters. The software is designed to be remotely activated and controlled over an Internet connection. Each computer is programmed specifically for the targeted airport, and transmits 978MHz and 1090MHz signals out a boosted transmitter.

As a result, airlines on final approach will receive false targets on their displays. The terrorists ghost target injects also propagate to the FAA controller’s screens. The terrorists intended these spoofed targets, programmed at conflicting arrival and departure corridors as well as in runway incursion situations, to cause multiple airports to become temporarily unusable. The resulting domino effect causes aircraft diversions and delays that will lead to chaos.”

Major, USAF
Degree of Master of Cyber Warfare
Air Force Institute of Technology
Wright-Patterson Air Force Base, Ohio, USA

Download Exploring Potential ADS-B Vulnerabilities in The FAA's Nextgen Air Transportation System