Image by coniferconifer/ Flickrĭespite its vulnerabilities, ADS-B is the backbone of the FAA's NextGen system. This cheap DVB-T dongle can read ADS-B (airplane's ID, location, and speed) data for airplanes within 250 km of the receiver. As you can guess, ADS-B In is the receiving portion of the system on the aircraft and is what opens the plane to spoofing attacks. They do it every second - in plain text, unencrypted, unauthenticated - which creates all sorts of vulnerabilities in the system. Perhaps the easiest way to think about ADS-B Out is to envision the tour guides at the museum waving their flags about and shouting, "I'm over here, follow me!" That's what aircraft equipped with ADS-B Out transmitters basically do.ĪDB-S Out uses onboard instruments, including GPS, to populate 112 bits-long data packets with such information as aircraft identification, surface position, airborne position with barometric altitude, airborne velocities, and airborne position with GPS altitude. How Does ADS-B Work?īut what is ADS-B in the first place? ADS-B comes in two flavors: ADS-B Out and ADS-B In. It would be trivial for a malicious hacker to take either of these programs and execute them in the real world with the use of an inexpensive $300 software-defined radio (SDR). The attack was demonstrated in 2012, and again in 2016 by a separate individual, but it's been almost 19 years since we've known about the vulnerability and nothing has been done about it.
Some applications may require independent validation of the ADS-B information … to detect spoofing and this is the aspect where the security concerns are raised. This represents one type of vulnerability in the FAA's NextGen system, one that has been known as early as Sept. What we described is an example of a spoofing attack on the "ADS-B In" and TCAS, which work together in a cooperative ranging system, as they are both built on the same foundational Mode S data link.
This is ADS-B data taken while nearly all aircraft over western Europe were grounded on Thursday, April 15, 2010, following an eruption under Eyjafjallajökull glacier in Iceland.