Researcher Finds Security Holes In FAA's New Flight Control System 60
gManZboy writes "A key component of the FAA's emerging 'Next Gen' air traffic control system is fundamentally insecure and ripe for manipulation and attack, security researcher Andrei Costin said in a presentation Wednesday at Black Hat 2012. Costin outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports. Among the threats to ADS-B: The system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said. There's also no mechanism in ADS-B for encrypting messages. One example problem related to the lack of encryption: Costin showed a screen capture showing the location of Air Force One — or that someone had spoofed the system."
Re:two very different concerns (Score:5, Insightful)
There is a reason this info is not encrypted: People need to know where airplanes are in the sky, especially other planes, including private aircraft.
You don't really want airplanes location in the sky to be a secret or you literally run in to serious trouble.
Re:Misleading title... (Score:5, Insightful)
True, but since ATC's DO provide info to FCS's,
No they don't. Period. ATC NEVER provides direct control to planes. PILOTS provide information to FCS, which may or may not be provided via ATC, which may or may not be at least partially based on ADS. Its also worth noting that ADS is not intended to replace radar in high traffic areas, which are in fact the areas most likely targeted for tom foolery.