Chinese Warships Suspected of Signal-Jamming Passenger Jets

Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.

A Qantas 737 jet taking off in Sydney, Australia.
Source: Stonemeadow Photography via Alamy Stock Photo

Australia's Qantas Airways is warning pilots about ongoing signal interference on VHF communications channels from "stations purporting to represent the Chinese military," on commercial flights over the western Pacific Ocean and South China Sea.

The Australian flagship airline also warned that some flights are experiencing jamming of their GPS systems, causing denial of service (DoS), in incidents "suspected to originate from warships operating off the northwest shelf of Australia."

This is not the only China-related activity affecting aviation in the region: on March 2, the International Federation of Air Line Pilots' Associations (IFALPA) noted that military warships located in the South China Sea, Philippine Sea, and the Eastern Indian Ocean were placing VHF calls to some passenger flights and military aircraft.

"In some cases, the flights were provided vectors to avoid the airspace over the warship," according to the alert. "We have reason to believe there may be interferences to GNSS and RADALT as well."

GNSS, short for global navigation satellite system, can be used interchangeably with GPS; RADALT stands for "radar altimeter," and refers to the instrumentation that pilots use to gauge how far above the ground an airplane is flying.

Calculating the Physical Safety Dangers

Though the news seems alarming, Qantas is telling flight crews to carry on with their designated flight plan should they see the unusual activity but to report the interference to the controlling air traffic control (ATC) authority. Meanwhile, a spokesperson told Aviation International News that Qantas does not consider the activity to be a physical safety threat.

Ken Munro, a co-founder at Pen Test Partners and a specialist in operational technology (OT) cybersecurity for aviation, says that while the incidents on their face "shouldn’t be of immediate concern," that's not to say the activity couldn't become dangerous in the right situation.

"GPS is only one of a number of methods for pilots to determine their position, though it is generally the most relied upon," he explains. "Inertial reference and radio navigation aids can be used to cross-check position. Indeed, these were the primary methods used prior to the advent of GPS."

He adds, "GPS and RADALT jamming are less of a concern when in the cruise at high altitude. However, errors in position or altitude when on approach are another matter, though much harder to intentionally create when near an airport."

Munro notes that jamming can also be concerning if it's part of a chain of attack or coincides with other alert-worthy activity that might be going on.

"Incidents in the airplane often start with a cascade of issues, often with a simple problem starting a chain of events that leads to a more significant problem," he says.

Motivation: A New Cyber-Air Frontier?

Researchers note that if the perpetrators are the Chinese military, the signal interference could have several motivations.

"It's one thing for a warship to ask a commercial airliner to 'please go around us,' and something else entirely to directly interfere with their signals," says Mike Parkin, senior technical engineer at Vulcan Cyber. "On many levels, this feels like an extension of the tactics we've seen from cybersecurity threats originating with Chinese state and state-sponsored groups. Though this presents more of a potential physical threat, and interfering with commercial air traffic is a much more blatant show of power than a typical cyberattack."

NetRise CEO Tom Pace, a firmware security expert specializing in aviation, cautions that the jamming might be unintentional and that no one should jump to conclusions. "It is impossible to state the intention of the Chinese military or even if these actions are purposeful," he says. "This could simply be commercial airlines flying through a region in which the Chinese military is operating, or it could be a more active engagement where the Chinese military is seeing what they can get away with."

Mike Hamilton, CISO of Critical Insight, suspects that the activity was triggered by geopolitical events.

"This is yet another example of how geopolitical tensions are showing up as cyber events that are directed at infrastructure," he says. "I note that the Biden administration just announced a nuclear submarine deal with Britain and Australia, and this is likely the Chinese government expressing its feelings about that deal."

Better Aviation Security Must Take Flight

Hamilton notes that the activity points to the need for better OT security in the aviation space.

"The constellation of GPS satellites has been known to be vulnerable for some time because of our dependence for navigation and time synchronization," he says. "This act should be a wake-up call for the administration to take swift action to deploy compensating security controls around GPS before this act becomes commonplace. Longer term, GPS signal integrity controls must be developed and deployed."

NetRise's Pace explains that commercial airliners don't have sophisticated anti-jamming technologies like military aircraft, and while planes can be flown manually if need be, a better failsafe for DoS events might be putting resources into identifying weaknesses in communications systems and instrumentation.

"The top airline safety concern/challenge regarding the cybersecurity of that OT environment is that there is a significant lack of visibility which translates to an inability to identify risk in these environments," he says.

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.
