It wouldn’t take much to cause a plane to crash-land, warn researchers
Hackers could hijack the systems used to guide planes by compromising and spoofing the radio signals that are used during landing.
That’s according to a team of researchers at Northeastern University in Boston, who have detailed their research in a recently published white paper.
“Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems,” said the academics.
Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation
“However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms.”
After analysing the instrument system waveforms, the researchers found that hackers can spoof such radio signals using commercially available tools.
With them, attackers are able to cause last-minute go-around decisions and even make the plane miss its landing zone in low-visibility scenarios.
“We first show that it is possible to fully and in fine-grain control the course deviation indicator, as displayed by the ILS receiver, in real time, and demonstrate it on aviation-grade ILS receivers. We analyze the potential of both an overshadowing attack, and a lower-power single-tone attack,” they explained.
To demonstrate the severity of these vulnerabilities, the research team also developed a tightly-controlled closed-loop ILS spoofer.
AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office’s Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC’s Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.
“It adjusts the adversary’s transmitted signals as a function of the aircraft GPS location, maintaining power and deviation consistent with the adversary’s target position, causing an undetected off-runway landing,” said the experts.
“We demonstrate the integrated attack on an FAA certified flight-simulator (XPlane) incorporating a spoofing region detection mechanism, that triggers the controlled spoofing on entering the landing zone to reduce detectability.”
They evaluated the performance of the attack against X-Plane’s AI-based autoland feature, which showed a “systematic success rate with offset touchdowns of 18 meters to over 50 meters”.
The researchers concluded: “Through both simulations and experiments using aviation grade commercial ILS receivers and FAA recommended flight simulator, we showed that an attacker can precisely control the approach path of an aircraft without alerting the pilots, especially during low-visibility conditions.
“We discussed potential countermeasures including failsafe systems such as GPS and showed that these systems do not provide sufficient security guarantees and there are unique challenges to realizing a scalable and secure aircraft landing system.”
Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions – decisions informed by the knowledge and experience of other CIOs and IT decision makers.
Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.
Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.