News Advanced Threats
The 5 Coolest Hacks Of 2012
Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools
2. Airplane Hack
The FAA's new air traffic control system has holes so big that a fake plane could fly through them.
A researcher at Black Hat USA in July gave a chilling presentation revealing several weaknesses in the key component of the FAA's next-generation Automatic Dependent Surveillance-Broadcast (ADS-B) system, the replacement for the agency's decades-old ground radar system for air traffic control. The flaws could allow someone to inject their own messages into the system, posing as an aircraft, and these messages are unencrypted and therefore wide open to snooping.
More Security Insights
- Information Protection: The Impact Of Big Data
- Cloud-based data backup: A buyer's guide - How to choose a third-party provider for development, management of your data backup solution
- Informed CIO: SDN and Server Virtualization on a Collision Course
- InformationWeek 2013 IT Spending Priorities Survey
- The Untapped Potential of Mobile Apps for Commercial Customers
- Using InfoSphere Information Server to Integrate and Manage Big Data
Andrei Costin, a computer scientist and graduate student at Eurecom, says the system has no authentication feature for messages. "Any attacker can pretend to be an aircraft" by injecting a message into the system, he says.
Air traffic messages, such as the location of an aircraft in flight, could be read by anyone. Costin showed an air traffic screen capture that appeared to be the in-flight location of Air Force One, the airplane that transports the President -- an illustration of the national security implications of the system's weaknesses.
It could also represent a spoofed aircraft, he says. "If the data is false, somebody is spoofing the system," he says. A fake aircraft showing up on the system could force the system to adjust to flights that weren't really there and wreak havoc in the skies. One scenario would be akin to a denial-of-service attack on the air traffic control system, he says, with a million phony planes.