US: The Federal Aviation Administration (FAA), US, is in the process of upgrading its air traffic control system. The current radar-based air traffic control system will be replaced with a new system called the Next Generation Air Transportation System (NextGen). NextGen will rely on GPS instead of radar to locate planes, and it is designed to allow air traffic controllers and pilots to pack more planes, helicopters and eventually drones into the skies.
The cornerstone of this new system is automatic dependent surveillance-broadcast or ADS-B. Basically, planes will be equipped with GPS and will constantly send out little radio broadcasts announcing to the world who they are and where they are.
However, a number of computer security experts are concerned that NextGen is insecure and vulnerable to hackers.
Canadian computer consultant Brad Haines and partner, Nick Foster, created a radio capable of broadcasting spoofed signals to prove this point. They were also able to hook a radio to a free online flight simulator game called Flight Gear. They used the game to create a ghost plane — a plane that would appear to be real to air traffic controllers using ADS-B — and then they buzzed San Francisco International Airport.
More than 4,500 miles away in France, Andrei Costin, a Romanian grad student, realised the same thing. Working independently, Costin built a little software-defined radio hooked to a computer that created fake ADS-B signals in a lab.
And it”s not just Romanian grad students and Canadian hackers who have expressed concerns about the security of the next generation of air traffic control.
Last year, Air Force Maj. Donald L. McCallie, studying cyberwarfare at the Air Force Institute of Technology, wrote about the same kinds of attacks, and concluded that this system may put us “on a collision course with history.”
Until now, the FAA has been reluctant to respond. It hasn”t released data from its own security test, and the agency”s initial response both to the Air Force paper and the more recent hacks has been muted.
Initially, the agency released a one-paragraph statement that said in part, “An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and are not publicly available.”