Ghost is in the Air(Traffic) - BlackHat 2012 - ADS-B ATC hacking - real airplane replay, fake airplane spoofing/impersonation

Downloads

• “Ghost is in the Air(Traffic)” BlackHat 2012 Slides
• “Ghost is in the Air(Traffic)” BlackHat 2012 Whitepaper

Timelines

• Jun-2011 - Jul-2011 - Initial interest and research started
• Jul-2011 - Feb-2012 - Some low-pace experiments, study of specifications, experiments, additional hardware acquisition
• Feb-2012 - Mar-2012 - Revived interest
• Mar-2012 - May-2012 - Development and preparation for BlackHat 2012 application
• May-2012 - Application for BlackHat 2012 application
• 07-Jul-2012 - Whitepaper and slides limited access available to BlackHat 2012 organizers only
• 23-Jul-2012 - Whitepaper and slides public access available to all

Demo Ghost is in the Air(Traffic) - BlackHat 2012 - Airplane replay, fake airplane spoofing/impersonation

[More:]

Clarifications

• Make sure to check our whitepaper first before concluding and/or commenting - the whitepaper will definitely help in understanding all bits and pieces of our research, contribution, approach, etc.
• Main intent of this research is to objectively and technically address the insecurities in ADS-B
• In this context, our main contribution is twofold - demonstrate the easiness and practicality of such attacks before the ADS-B is 100% deployed and used as primary surveillance technology; as a consequence of first objective, the second is to dramatically raise awareness of the issues (known before but not properly addressed and/or disseminated) so that these can be fixed in appropriate timeframes before safety is compromised
• We didn’t literally discovered the holes - the holes have been known and theoretically discussed since early 2006
• No FUD intended or conveyed - we have tried our best (and hopefully succeeded in most part) to clearly push the “no-FUD and no-apocalypse” message into the reports and press, just facts and demos

In the news

• Forbes “Next-Gen Air Traffic Control Vulnerable To Hackers Spoofing Planes Out Of Thin Air”
• CNN “Researcher: New air traffic control system is hackable”
• Wired “Air Traffic Controllers Pick the Wrong Week to Quit Using Radar”
• SecurityWeek “Air Traffic Control Systems Vulnerabilities Could Make for Unfriendly Skies [Black Hat]”
• Discovery “Air Traffic Control Could Be Spoofed”
• Yahoo “Hackers could haunt global air traffic control: researcher”
• InformationWeek “FAA’s New Flight Control System Has Security Holes: Researcher”
• NPR “Could The New Air Traffic Control System Be Hacked?”
• NYTimes “The Frightening Things You Hear at a Black Hat Conference”
• Slashdot “Researcher Finds Security Holes In FAA’s New Flight Control System”
• Gizmodo “Air Traffic Control of the Future Is (Still) Incredibly Hackable”
• “Air traffic control: an easy target for hackers?”

Many thanks for the reporters for dedicating time and publishing space to this topic - very much appreciated!
Thank you everybody for the comments, thoughts, ideas and support!

Stay tuned (to 1090MHz) for more details from our side on this hot topic…

Securely yours,
Andrei

Tags: ATC ATM ATC/M ADS-B ADSB NextGen FAA EUROCONTROL CASA blackhat blackhat12 bh12 bh12us defcon hacker hacking replay fake spoof impersonate track airplane aircraft airforceone af1 usrp gnuradio sdr andrei costin andreicostin.com eurecom eurecom.fr