The radio-navigation planes use to land safely is insecure and can be hacked

Radios that sell for $600 can spoof signals planes use to find runways.

A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.)

Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—relies on radios to safely land at airports. These instrument landing systems are considered precision approach systems, because, unlike GPS and other navigation systems, they provide crucial real-time guidance about both the plane’s horizontal alignment with a runway and its vertical rate of descent. In many settings—particularly during foggy or rainy nighttime landings—this radio-based navigation is the primary means for ensuring planes touch down at the start of a runway and on its centerline.

Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply assume that the tones their radio-based navigation systems receive on a runway’s publicly assigned frequency are legitimate signals broadcast by the airport operator. This lack of security hasn’t been much of a concern over the years, largely because the cost and difficulty of spoofing malicious radio signals made attacks infeasible.

Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world. Using a $600 software-defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly, creating a potential accident as a result.


Alleged plane hacker said he pierced Boeing jet’s firewall in 2012

Chris Roberts also claimed to access International Space Station system.

More than two years before coming under FBI questioning about possibly hacking into the in-flight entertainment system of a commercial plane while it was in midair, a security researcher told peers he accessed the computer controls of other highly sensitive aviation and aeronautics systems, including the International Space Station.

Chris Roberts of One World Labs told an audience in 2012 he bypassed the on-board firewall of a Boeing 737 plane he was traveling on and made contact with the Apache Tomcat webserver the firewall was protecting. He told the same audience he accessed communications systems NASA uses to control the International Space Station and changed the temperature. It was impossible to confirm the veracity of those claims, which went largely unnoticed until Friday, when an FBI search warrant application came to light alleging Roberts told agents he took control of a jet plane and briefly caused it to climb and fly sideways.

The 2012 talk, titled "By Land, By Sea, By Air," has already touched off howls of protest from some researchers who say even the passive accessing of restricted parts of a plane while it's in flight is grossly reckless. Critics also argue the behavior would likely be a violation of the Computer Fraud and Abuse Act, which makes it a felony to gain unauthorized access to protected computer systems.
