Image: Wikimedia Commons
Blog Editor’s Note: We often talk in this blog about GPS vulnerability, but it is good to be reminded that other systems are vulnerable also. GPS is briefly mentioned at the end of the article
Attackers could potentially change the course of a flight using $600 worth of commercially available equipment
Hackers could hijack the systems used to guide planes by compromising and spoofing the radio signals that are used during landing.
That’s according to a team of researchers at Northeastern University in Boston, who have detailed their research in a recently published white paper.
“Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems,” said the academics.
“However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms.”
After analysing the instrument system waveforms, the researchers found that hackers can spoof such radio signals using commercially available tools.
With them, attackers are able to cause last-minute go-around decisions and even make the plane miss its landing zone in low-visibility scenarios.
“We first show that it is possible to fully and in fine-grain control the course deviation indicator, as displayed by the ILS receiver, in real time, and demonstrate it on aviation-grade ILS receivers. We analyze the potential of both an overshadowing attack, and a lower-power single-tone attack,” they explained.
To demonstrate the severity of these vulnerabilities, the research team also developed a tightly-controlled closed-loop ILS spoofer.
“It adjusts the adversary’s transmitted signals as a function of the aircraft GPS location, maintaining power and deviation consistent with the adversary’s target position, causing an undetected off-runway landing,” said the experts.
“We demonstrate the integrated attack on an FAA certified flight-simulator (XPlane) incorporating a spoofing region detection mechanism, that triggers the controlled spoofing on entering the landing zone to reduce detectability.”
They evaluated the performance of the attack against X-Plane’s AI-based autoland feature, which showed a “systematic success rate with offset touchdowns of 18 meters to over 50 meters”.
The researchers concluded: “Through both simulations and experiments using aviation grade commercial ILS receivers and FAA recommended flight simulator, we showed that an attacker can precisely control the approach path of an aircraft without alerting the pilots, especially during low-visibility conditions.
“We discussed potential countermeasures including failsafe systems such as GPS and showed that these systems do not provide sufficient security guarantees and there are unique challenges to realizing a scalable and secure aircraft landing system.”