Hackers can fake radio signals to 'hijack' aircraft landing systems (computing.co.uk)
153 points by wglb on May 16, 2019 | 124 comments



Given my sort of 'maker' inclinations, I find these articles amusing. The "3D print a gun!" ones were similar.

Basically they come down to, if you learn how a system works, or how something is made, you can learn to implement or influence that system and/or build that thing. Back in the 60's the click bait was "kid learns how to build an atomic bomb!" This was pretty eye catching but really it is just physics, material science, and a bit of math.

That said, so many people rarely look past the surface of things, seeing something like a cell phone as an opaque magical brick that can do wondrous things. And yet all that the phone does, and how it does it, are knowable if someone chooses to invest the time. (admittedly it is a lot of time if you don't have the basics).

The headline, "People who know how radios work can affect systems that are based on radio." is so much less scary.


> The headline, "People who know how radios work can affect systems that are based on radio." is so much less scary.

No, it is not. Nobody should be able to influence air traffic in that way just because she/he understands the transport layer.

After spending a night with a friend who just returned from a security audit (lots of cocktails were involved too) 15 years ago, I am convinced that the only reason we have not seen major disruptions yet is because of a pretty strict adherence to hacker ethics: one of the global "airport tech players" was deploying systems that used UDP for ground traffic control.... Having a bus or lorry use an active runway is just a single, malicious UDP packet away...


> Having a bus or lorry use an active runway is just a single, malicious UDP packet away...

There are multiple safeguards in place to avoid single points of failure, such as runway crossing procedures with mandatory call to air traffic control unit for explicit permission before entering a runway. Many ATC recordings on VASAviation Youtube channel show that even rescue services (during emergencies) adhere to that.

Taxiways leading to runways are marked with holding positions that may not be crossed without authorization: https://i.imgur.com/dCF8lFi.jpg For extra visibility in poor weather, many airports are also equipped with runway guard lights paved into the ground or blinking on either side of the taxiway: https://i.imgur.com/dbix1Aw.png

Surface movement radars and transponder-based systems have also become widespread. They trigger alerts when a vehicle is about to enter an active runway: https://i.imgur.com/sJQ94zq.jpg


True, and you have real pilots. Many really busy airports do visual approaches and I know a couple pilots personally who don't often bother with ILS unless the conditions are bad.

Remember in San Francisco where a plane almost landed on a taxiway instead of the runway? It's worth reading the complex situation with the off-line runway and the way ILS was set up with those runways being so close together, but what prevented the disaster was a pilot in the taxi line of aircraft getting on the radio and saying, "Where is this guy going?!" and everyone suddenly realizing they were lined up for the taxiway!

Real people, being aware, looking and reacting prevented that accident. That's why human checks and cross-checks are so important.


> I know a couple pilots personally who don't often bother with ILS unless the conditions are bad

Because it is a pain.

Every pilot has to learn to do visual approaches.

I think it just makes one thing apparent though. If we go to fully automated flying then there must ALSO be a visual check. In fact we can make it better than humans because we should make sure that the plane can see through fog. But key point is that there is always some redundancy built in.


> If we go to fully automated flying then there must ALSO be a visual check.

I don't think a visual check is needed (otherwise you would be much more limited in where/when you can land), but cross-checking some other data is. Turns out we're already there, and in an ILS approach the pilots should already be checking other instruments.


> I am convinced that the only reason we have not seen major disruptions yet is because of a pretty strict adherence to hacker ethics

Sure, that and the redundancy and procedure built into an ILS approach. Keep in mind that even airplanes on the wrong part of the tarmac can fuck with the localizer. ILS is imperfect and that's already well known and worked around[1].

1: https://www.pprune.org/rumours-news/616082-air-india-b788-de...


> No, it is not. Nobody should be able to influence air traffic in that way just because she/he understands the transport layer.

I hear you. But it is the reality of the world. There comes a time when everyone realizes that the boundary between civilized behavior and uncivilized behavior is just a convention. I think of it as the final stage of moving from childhood into adulthood.

For example, you could go into the hardware store and buy a couple of bags of fertilizer, some stump remover, a bag of charcoal for the grill, some food for the roses, and six quarts of motor oil. Are you going to do some gardening and grilling over the weekend or going to blow up someone's house? The materials work for either activity. Maybe you rent a moving van over the holiday weekend. Helping a buddy move? Or mowing down tourists at a crowded venue?

People who choose to be evil will be evil. There isn't anything you can do about them but you can build defense in depth on various other ways.

In the case of air navigation you have a pilot in the cockpit who is supposed to be paying attention. They can takeoff, navigate, and land with nothing more than their eyeballs, a compass, and some paper charts. All the other gizmos help certainly but they aren't essential[1]. When people actively interfere with the other gizmos, whether it is intentionally by transmitting on restricted frequencies, or unintentionally like the delivery truck that shut down Newark Airport because the driver used a GPS jammer to keep the home office from seeing they were taking a break while he watched the planes, it has effects. The rest of the system reacts to minimize damage and risk and the actions themselves bring attention to the people involved.

It is fortunate in my experience that 90+% of the people in the world are too lazy or simply not wired to be curious about how things work the way they do. You may have noticed from the article that they didn't say how you would interfere with navigation with a "$600 SDR", they just said that you could. Most people reading that will say, "Oh dear that's dreadful! Oh look here's a picture of a funny puppy on the next page."

As I get older and meet more people, it amazes me how rare genuine curiosity really is. The persistence to follow that curiosity in order to develop understanding is rarer still. Life doesn't have a safety net, and trying to give it one to eliminate danger completely is pretty futile.

[1] Ok the pilots in the group are going to jump up and say, without an artificial horizon, an airspeed indicator, and working altimeter and you'll be sorry but even without those you can do pretty well.


(Hi Chuck!) I find myself to be in the mathematician camp ("A materials scientist, a Physicist, and a Mathematician were sharing a hotel room when a fire broke out, waking the materials scientist...") when it comes to things kinda like this. If it's a solved problem, I'm not interested in going any further - it's a solved problem, and therefore not really interesting.

Given that one wouldn't care about spectrum purity, the required budget becomes minimal, with a trivial hardware component resulting in components easily obtainable with an anonymous visit to a swap meet, if one were to visit the right swap meet. After that, it's a simple matter of programming.

I've found that a lot of people are so defined by their job that they have no idea what happens above or below them. The "I deal with packet filters" person can't explain basic networking, nor do they have any idea what the overall configuration of the (enterprise) network is like, to cite an example.


> Nobody should be able to influence air traffic

That is impossible to prevent. If not anything, it is usually not that difficult to overwhelm any electromagnetic communication with your own powerful signal. Preventing communication is at least as destructive as manipulating communication without avoiding detection.


The gods decided that we shall not wield exponential fire less it serves them, thus your smartphone advanced a thousand years, but your cigarette lighter did not. To contemplate a fusion driven cigarette lighter is heresy. Their will shall be done, the thought not even contemplated.


> Having a bus or lorry use an active runway is just a single, malicious UDP packet away...

Nonsense. It all depends on what is implemented on top of UDP.


It is interesting to know whether a system that is important for safety and/or security is susceptible to hijacking by anyone who can build a radio or whether it is protected using secure cryptography (and then, who holds the keys).

If, for example, simply transmitting in the clear on the right frequency can get the airliner to try to land on a virtual runway that is 20 feet below the real one - that is interesting.


I agree with this basic sentiment, there is a whole class of problems that were "hard" before modern technology made them "easy". It is definitely interesting to look at legacy systems that relied on the 'difficulty' factor as part of their design as a protection against abuse.

For example it was both inspiring and utterly brilliant in the way that Alan Turing broke the Enigma cipher with his Bombe machine, but today anyone who knew how Enigma worked (which England did at the time) with a modern laptop could exhaustively search the keyspace and 'crack' messages in real time.

Software radios have made it possible for curious people to have "read/write" access to the entire spectrum between half a megahertz and six gigahertz. That will continue to be a problem for people who designed systems that depended on how "difficult" it was to build a radio at their particular frequency.

That isn't the case for aircraft navigation. Anyone who can pass the Amateur "General" class exam in the US has the necessary knowledge for interfering, potentially destructively, with aircraft navigation. I normally would consider that a non-issue except that Asiana Airlines flew a plane into the runway at SFO. Is that a system problem? Or one where the pilot should be better trained? Arguments can probably be made along those lines. But that interfering with navigation is possible with pretty much "off the shelf" components? Not really a new thing and certainly not something that is an imminent threat to passenger safety.


I don't know how aircraft systems work. Can a directional antenna spoofing ILS [2] cause the crash of an airliner using ILS to land in bad visibility conditions? Does the plane trust the ILS signal? What if you combine that with a GPS jammer or GPS spoofer? Or do we consider that military technology, like MANPADs, and so out of scope? But some airlines consider MANPADs in scope, and use flares or laser systems to defend against them [1].

1 - https://en.wikipedia.org/wiki/Flight_Guard

2 - https://en.wikipedia.org/wiki/Instrument_landing_system


Possibly, but the pilots would have to screw up as well. You typically tune in the ILS when you're expecting to pick up the approach. It's not like you set the ILS frequency hours before landing and just follow the first signal that pops up. So if you do follow a malicious signal, it's going to be few miles away from the airport at the furthest. However, ILS is becoming less used because it requires maintenance of ground systems. GPS approaches could also be spoofed, but would be a more sophisticated attack. But with GPS navigation you aren't tuning radio frequencies in your nav equipment so there's probably more chances to fool a pilot (you could drag them much further away from the airport if you started spoofing GPS further out).

However, ALL instrument approaches have minimum visual altitudes, and the lowest I'm aware of is 200 ft above the ground. If you can't see the airport by the time you get down to the minimum altitude you execute a missed approach procedure- basically you climb and navigate to another waypoint to restart the approach or to hold. Additionally, all aircraft must have barometric altimeters as required equipment- no amount of radio spoofing can fool them.

So in an ideal world an attack would go like this: the pilot follows the malicious approach, notices that they are at the minimum altitude, looks for the airport but doesn't see it (or sees it a few miles away), then executes a missed approach- no crash. There aren't too many tight approaches that could make you crash by being off by a mile.

To get around this you would need to spoof either the pitot-static (pressure sensing) system, or the pilot's altimeter setting. You could only spoof the pitot-static system by sabotage on the ground, and you can only realistically spoof the altimeter setting by pretending to be ATC on the radio- at which point the real ATC would correct whatever you said and get real suspicious.

Of course, given that instrument landings are the highest workload portion of a flight, pilots get distracted. Even if they would normally catch on to the fact that they aren't on the correct approach, you might cause a few crashes by pilots that aren't on top of their game.

Edit to add one more thing: Your plane is tracked by airborne surveillance as well, and if you claim to be at a waypoint and that doesn't match what ATC has on their scope they will warn you. So you'd have to also spoof a surveillance signal at the correct location while blocking the real plane's signal to keep ATC from noticing.
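The cross-check this comment relies on (a barometric altimeter that radio spoofing cannot move, compared against what the glideslope needle claims), as an added example that is not part of the original thread. The 3-degree glidepath, 50 ft threshold crossing height, tolerance, persistence count and every sample value are assumptions constructed for illustration; this is not certified avionics logic.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

# All constants are assumptions chosen for illustration.
FT_PER_NM = 6076.12
GLIDEPATH_DEG = 3.0         # typical ILS glidepath angle
TCH_FT = 50.0               # nominal glidepath height over the runway threshold
NEEDLE_CENTERED_DOTS = 0.5  # needle within this deflection counts as "on glidepath"
TOLERANCE_FT = 150.0        # allowed baro-vs-glidepath disagreement
PERSIST = 3                 # consecutive disagreeing samples before alerting
TDZE_FT = 100.0             # touchdown zone elevation of the constructed airport


@dataclass
class Sample:
    dist_nm: float      # distance to threshold from a source independent of the ILS
    baro_alt_ft: float  # barometric altitude (MSL), correct altimeter setting assumed
    gs_dev_dots: float  # glideslope needle deflection; 0 means "on glidepath"


def expected_height_ft(dist_nm: float) -> float:
    """Height above the threshold that the glidepath geometry implies."""
    return dist_nm * FT_PER_NM * math.tan(math.radians(GLIDEPATH_DEG)) + TCH_FT


def classify(s: Sample, tdze_ft: float) -> str:
    """Compare what the needle claims with what pressure altitude says."""
    if abs(s.gs_dev_dots) > NEEDLE_CENTERED_DOTS:
        # The needle itself shows a deviation, so the crew already sees it.
        return "off_path"
    error = s.baro_alt_ft - (tdze_ft + expected_height_ft(s.dist_nm))
    # Needle centered but altitude does not fit the geometry: the two
    # independent sources disagree, whatever the cause.
    return "disagree" if abs(error) > TOLERANCE_FT else "ok"


def first_alert(samples: List[Sample], tdze_ft: float,
                persist: int = PERSIST) -> Optional[int]:
    """Index of the sample that completes `persist` consecutive disagreements.

    Requiring persistence keeps a single glitch (the thread notes that ILS
    signals are routinely disturbed) from raising an alert.
    """
    run = 0
    for i, s in enumerate(samples):
        run = run + 1 if classify(s, tdze_ft) == "disagree" else 0
        if run >= persist:
            return i
    return None


# Constructed sample tracks (distance nm, baro altitude ft MSL, needle dots).
GENUINE = [Sample(5.0, 1750.0, 0.0), Sample(4.0, 1430.0, 0.1),
           Sample(3.0, 1110.0, -0.1), Sample(2.0, 790.0, 0.0)]
# Needle stays centered while the aircraft is about 300 ft below the real path.
SHIFTED = [Sample(5.0, 1450.0, 0.0), Sample(4.0, 1130.0, 0.0),
           Sample(3.0, 810.0, 0.1), Sample(2.0, 490.0, 0.0)]
# One bad reading that recovers on the next sample.
GLITCH = [Sample(5.0, 1750.0, 0.0), Sample(4.0, 1130.0, 0.0),
          Sample(3.0, 1110.0, 0.0), Sample(2.0, 790.0, 0.0)]

if __name__ == "__main__":
    for name, track in (("genuine", GENUINE), ("shifted", SHIFTED),
                        ("glitch", GLITCH)):
        print(name, [classify(s, TDZE_FT) for s in track],
              "alert at sample:", first_alert(track, TDZE_FT))
```

The check only works because distance and pressure altitude come from sources the glideslope transmitter does not influence; if the distance were derived from the same signal, the comparison would prove nothing.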


> However, ALL instrument approaches have minimum visual altitudes, and the lowest I'm aware of is 200 ft above the ground.

https://en.wikipedia.org/wiki/Instrument_landing_system#ILS_... claims "<50 ft" decision height for CAT IIIb.


Then I suppose that with really bad visibility someone could probably fake an ILS and cause the plane to crash without the pilots having the chance to recover. After looking around, it seems that several large airports, and even a few medium size airports in the US have Cat III approaches: https://sites.google.com/site/ilsapproaches/Home/cat3

I never even considered the possibility of a CAT IIIc where you can land in zero visibility, probably because I'll never fly an airplane with suitable equipment. I've never briefed flying a CAT III approach, and wouldn't even consider landing at those airports in the light planes that I fly. In my local area around KDEN the general consensus is that while it's technically legal to land a light plane at KDEN you would probably have to declare an emergency to get clearance from ATC, and even then they'd strongly encourage you to land somewhere nearby (like KFTG) if possible.


When you know answers to questions like this it becomes an ethical question whether to share your knowledge.


It depends. We now have this little thing called the Internet, and you can quickly learn a ton of things on it. Even if you just learn a few points and without all the details, that's still better than nothing and at least a starting point for further study, if needed.

And it depends on the direction of the answers too.

For example I think most autoland still require some amount of visibility a few seconds before touchdown, and the pilots are supposed to go around if they do not have it. Plus, I believe planes also use a radio altimeter while landing. But I don't believe they use GPS for the final approach.

So you might put a plane in a difficult position with that kind of attack, but not necessarily making it crash. And there are probably more easy ways to do more damage.


That would actually be pretty hard, since the airliner uses their own altimeter and radar to determine how close they are to the runway.

Much easier would be to put the runway where it doesn't exist, such as at the foot of a cluster of tall buildings or hillside that is a mile from the actual location. A strong transmitter and directional antenna would be effective. It would be a once-only attack, because the FCC, FAA, FBI would all be on maximum alert after that. There's also a good chance it wouldn't work because the airliner is cross checking its position with GPS, ATC is cross checking with radar, and there's a good chance either the pilot or ATC will abort due to confusion over position.


They don't have to deflect the plane that far -- if they can just deflect it 100 ft to the side to land on a busy taxiway or a parallel runway that's under construction with heavy equipment on it, that could cause a disastrous crash (or to land 100 ft before the start of the runway onto a freeway or water)

Ideally the pilot would notice and correct, but in poor visibility, maybe they wouldn't have time.


AIUI, these systems rely on physical placement of the transmitters, so deflecting a plane by 100ft requires your transmitter to be more or less 100ft offset from the real one. At least, this is true of TACAN, maybe ILS is different.


A set of encryption keys for a critical system is another point of failure: when there is a problem with the keys the system stops working. I'd posit that the risk of a failure due to a problem with the keys is greater than the risk of a failure due to spoofing, so the safest solution in practise is to leave the encryption out until failures due to spoofing are more common than failure due to keys (meaning it is unlikely that encryption will ever be installed).


And because of this, systems often fall back to cleartext (esp for ILS which would need backwards compatibility). This allows for jamming sufficient to cause crypto decoding error, forcing failover to cleartext. Spread spectrum (e.g. frequency hopping) can mitigate this by improving jam margin, but still requires key material.

The best response is probably jamming (seduction) detection, through good data fusion algorithms. Hard to do directive jamming without sidelobe leakage that could be detected on the ground.

Transmitting a signed (AEAD) bitstream should be possible by publishing a public key in the NOTAM. The cost decrease in DRFMs (SDRs) also means that deploying radio receivers with upgradable waveforms is also much cheaper.


For something like airplane signals you do not need encryption though - you only need to verify the integrity of the data, which is done either by signatures or MACs.


No encryption whatsoever. The systems are primitive analog systems, about the level of WW2 guidance technology. This is also not news to anyone who bothered to read Wikipedia or Stackexchange.

https://en.wikipedia.org/wiki/Instrument_landing_system and https://aviation.stackexchange.com/a/2661, compare https://en.wikipedia.org/wiki/Battle_of_the_Beams


That may be interesting, but the fact that airliners could be fooled or even crashed by interfering with the radio signals they rely on is no more a security concern than the fact that airliners can be shot down with missiles.


There's plenty of reasons why a simple radio attack is potentially more serious than a missile attack.

It's a lot easier to buy an SDR than a SAM -- even ignoring the cost differential. I don't know the black market cost of a man portable SAM, but the SDR described in the article is less than $1000 and you can buy it commercially.

If you're caught with an SDR in your suitcase, no one will likely know what it is "I use it to listen to shortwave, here, I'll demo", while if you're caught with a SAM, you'll likely end up in jail.

No one is going to build a SAM in their hotel room, but it doesn't take much specialized skill to solder together a radio jammer using schematics transferred to you over the internet.

And finally, you can use the radio jammer from a backpack and no one will know it's there, but the SAM will leave a trail leading back to you.


> It's a lot easier to buy an SDR than a SAM -- even ignoring the cost differential.

Building an SDR which can output a signal strong enough to overpower the ILS array is not going to be cheap, subtle, or particularly easy. ILS is glitchy and pilots are trained to deal with the glitches — a localizer can be disrupted merely by having a plane (or any other large metal object) nearby.


The thing I like best about HN is that when a headline looks a bit clickbaity I can just read the first few comments and confirm my suspicions.

No need to actually read this one. Thanks guys.


It appears to be a huge problem... perhaps messages sent over the air for such an important system should be crypto-signed?

It reminds me of when the Army's drone was diverted and captured because someone spoofed GPS... It probably isn't possible to capture a drone in the same way anymore because I'm sure that they fixed this flaw.

It's like the HTTP vs HTTPS problem ... but anyone can MITM attack because the signal is wireless (and not encrypted and/or signed).


It’s not surprising that Google prefers reliable sites with a valid server certificate.

In this case, the user can be sure that the site uses encryption of personal data to increase protection and security. However, it must be understood that obtaining a certificate can be a daunting task (which accounts for the additional weight of this factor when ranking).

When a site requests a certificate, the organization that issued the certificate becomes a trusted third party to read more here https://sitechecker.pro/http-vs-https/ and check it. When your browser accesses a site that uses the secure HTTPS protocol, it uses the information contained in the certificate to authenticate the site. A user who understands the difference between HTTP and HTTPS, can safely make purchases, and not be afraid that his data will be stolen.


ILS is ancient.

"Tests of the ILS system began in 1929 in the United States."

It's really just a radio beam. It's no wonder it can be mucked with.


that's why you flag them and move on.


The localizer (lateral deviation indication) is going to be harder to spoof due to the beat/squeal that it would introduce when broadcast alongside the legitimate localizer. The pilot (or PNF) will monitor the audio signal for the Morse code that identifies the localizer and the squeal will be apparent.

The glideslope signal (vertical deviation indication) would be easier to spoof. Set that up 1/2 mile short of the runway and aligned to intercept the proper glideslope shortly before the true glideslope intercept point (Maltese cross on the chart). That has a chance of working and going undetected. If you're able to get an aircraft onto the rogue glideslope lobe, even when ATC gets a low altitude alert, the crew is likely to report they're perfectly on glideslope. I'm not sure this is as practical an attack as simply firing on an aircraft on approach, of course.


And with WAAS, the world is moving towards GPS approaches anyway. Even without careful planning anyone with a mildly powerful VHF radio and a yagi antenna can jam ILS, VORs and ATC comms rather effectively and has been able to since the end of WWII.

I've seen these articles pop up a few times in the past couple days but everyone in aviation already knows that there isn't any security on this stuff. People even jam ATC for giggles sometimes[1]. There's enough redundancy that nothing bad has happened as a result so everyone goes on with life. I think this is just low hanging defcon fruit targeting non aviation-aware readers.

[1] https://www.youtube.com/watch?v=ZvA_-linhg8


> People even jam ATC for giggles sometimes.

Or impersonate. One of my pilot friends was planning a trip across the CA Central Valley, and he reported with some bemusement that there was an active NOTAM (NOtice To Air Men) to be on guard about some guy in the Fresno area that was impersonating ATC. Apparently it had been happening for months and nothing much by way of investigation had taken place.

At this point I pretty much concluded that bad Part 15 devices or PG&E power line noise h0rk1ng over my ham radio reception was not going to get any attention, ever, if the FCC can't be bothered to find an ATC impersonator. I mean really, there are hams that do hidden transmitter hunts purely for sport. A posse of them could find that clown easily on any random Saturday morning and not be late for lunch.


> there are hams that do hidden transmitter hunts purely for sport. A posse of them could find that clown easily on any random Saturday morning and not be late for lunch.

So why don't they?


What is a bunch of random nerds going to do? They have no power to fine or arrest. All they can do is document the evidence and turn it over to the FCC, which does happen on occasion. But, I have listened to ARRL division directors talking about trying for years to get well-documented egregious cases of malicious interference dealt with by the FCC. The FCC just can not be bothered. It's not so much that they can't be bothered to collect evidence, which they can't, but even if they have evidence, they can't be bothered to act on it. The FCC should be a technical organization but is pathetically political.

One of my ham friends deals with the FCC often, because he works in spectrum management at the NTIA. The stories he tells make me never want to set foot in D.C. except to visit all the museums that my taxes fund.


No power to fine or arrest isn't entirely true.

What stops them from finding who's transmitting and then filing a civil suit?


They keep telling you that the FCC has the power to do it but does not have the political will.


You need to get the community organised for a hunt. I recall one that happened when a rogue retransmitter managed to spill religious radio onto TWR2 frequency at local airport.


You're assuming it would broadcast long enough to find the station, not a hit and run operation. And even if there was a constant signal, they could be using a repeater.


The T-hunting game is usually pretty spicy, with intermittent transmissions and propagation hacks. A repeater adds no difficulty at all.... just DF the input of the repeater.


Or impersonate indeed [0]

[0] https://www.youtube.com/watch?v=7WKZNGisSqM


Username checks out :)

Ars Technica cited a researcher at Northwestern that said GPS isn't necessarily a perfect fallback:

> One reason: the types of runway misalignments that would be effective in a spoofing attack typically range from about 32 feet to 50 feet, since pilots or air traffic controllers will visually detect anything bigger. It’s extremely difficult for GPS to detect malicious offsets that small. A second reason is that GPS spoofing attacks are relatively easy to carry out.

https://arstechnica.com/information-technology/2019/05/the-r...


Can't you override GPS too? I thought that was part of the exploit chain that netted Iran a stealth drone.


The Iran thing is dubious. If they did pull it off it required state level resources. Eventually it might be possible with commercial hardware but there isn't a lot of cheap stuff on the market that can generate the frequencies needed at the requisite power. It's worth noting that while the real GPS signal is very weak, the antennas that receive it are on the top of the plane and are somewhat directional. The receivers also have some minimal integrity checking capability IIRC.

This is not to say it's impossible, but with the current stuff on the market and required software investment I'd put it at an order of magnitude or two higher execution complexity than grabbing a VHF radio and messing with ILS beams.


> The Iran thing is dubious. If they did pull it off it required state level resources.

The Islamic Republic of Iran, by definition, has state level resources. In addition to their own resources, they have close ties with Russia and China. I agree with your ballpark of an order of magnitude higher complexity than messing with ILS, but that's well within Iran's capabilities.


Most of the dubiousness I've seen is wrt the fact that the DoD claims that RQ-170's use inertial guidance and terrain following since GPS is so easily gamed (jam encrypted ranges, spoof civilian ranges). Even the DoD claims that a GPS attack itself is easy.

Of course none of the DoD's version of events explains why then Iran has a mostly intact RQ-170...


I've already taken over GPS (not jam, emulate all 12 satellites for a takeover) in a dummy load environment (large paint can grounded). It was with an ADALM-Pluto. Tx was only 5mW but I could easily build a multistage amplifier and filtered appropriately.

Why don't I? It's illegal and it's ethically wrong, and it's not my focus of study.


I concur.

Generating the requisite signal is easy to do with opensource code and just $200 or so of equipment.

I bet the drone didn't use the military encrypted GPS because they didn't want encryption keys to fall into the wrong hands (they're global), or just because the effort to load the new GPS keys every week was too much. The attackers just jammed and then spoofed GPS, and by providing a very strong signal, any Kalman filters designed to merge signals from inertial units would be fooled.


> The Iran thing is dubious. If they did pull it off it required state level resources.

https://www.cnet.com/news/truck-driver-has-gps-jammer-accide... (Truck driver has GPS jammer, accidentally jams Newark airport)


I get banner ads all the time on slashdot for enterprise GPS ‘testing’ gear.


There are a couple of very interesting articles on GPS spoofing. Not only is it doable [0] but there are some interesting cases that most people don't really think about. Consider that GPS is often used as a timing signal by various financial entities (including stock exchanges). If you override the legitimate GPS signal (not a lot of power required as you'll be much closer to the receiver) and introduce a small deviation into the timing signal you can create some very interesting (and profitable) effects in the stock market. [1]

Even introducing an error into the system can cause disastrous effects [2]

[0] https://arstechnica.com/information-technology/2018/07/a-225...

[1] https://radionavlab.ae.utexas.edu/images/stories/files/paper...

[2] https://blog.themistrading.com/2012/07/could-gps-spoofing-ca...


Jamming is relatively easy. Spoofing is a bit harder.


> harder to spoof

Whenever I hear something like this it reminds me of the favorite talks I attended. The Iridium hacking talk at HOPE XI[1].

"When they talk about security they mainly talk about 'hey this is so complex, no one is able to do this, maybe a state or something like that'. So they say 'it will probably be beyond the reach of all but the most determined attackers.' We went well ok, we are determined."

[1]: https://youtu.be/cvKaC4pNvck


Additionally don't forget to add in the human aspect of this, the attack may be detectable to somebody in a clean room that is expecting it, but the same attack on a real pilot in flight may work because the human is not expecting it, is distracted, a little tired, paying attention to adverse weather etc.


Isn't this pretty much the plot to Die Hard 2?


Yes. Exactly it.


you read my mind


I don't think the attack would work in the wild; even on a Cat III autoland approach, there is still a decision altitude and runway visual range requirements. When the runway never appears it's a go around.


Cat IIIc has no decision height, but there aren’t any airports that are even planning to install this type of system that I’m aware of. Cat IIIa and IIIb have decision heights of 100ft and 50ft, respectively. Those don’t leave much time for a pilot to execute a go-around.

You’d probably have to engineer the flight path to go through a building, power line, or other obstacle, but that in and of itself seems like a difficult proposition since flight paths leading into an airport with this type of system wouldn’t have 100ft obstacles anywhere near the approach direction. You’d have to spoof the localizer to be offset to the side of the runway to accomplish this, but doing it too far will cause instruments to disagree (GPS, VOR) and ATC to yell at you.

Maybe you could aim it at a nearby taxiway, but to do so (per my understanding of the physics of ILS) you’d have to have your equipment in-line with the taxiway. All of this just seems really hard to pull off in practice.


https://en.wikipedia.org/wiki/2010_Polish_Air_Force_Tu-154_c...

One of the many conspiracy theories associated with this incident is that Russia deliberately created the physical and electronic conditions necessary for this crash to take place.

The cockpit records suggest there were more obvious causes in this instance, but it seems very likely a state actor would be able to engineer a successful attack using a variety of means - not just ILS, but other forms of physical and electronic spoofing.


If you can get the airplane to descend early to a decision height 200 feet above touchdown zone elevation in an area where local terrain is 150’ above TDZE, you might be able to crash one who initiates the missed approach at the DH.

I agree it’s not a practical attack.


You'd also probably get a (E)GPWS warning well before crashing.


Couldn't squeal be minimized by phase matching the localizer then mixing in a doppler offset (assuming you know what you're targeting)? You would still likely get some noise but possibly not sufficient to disrupt the action.


> I'm not sure this is as practical an attack as simply firing on an aircraft on approach, of course.

But that would reveal your position. Presumably the above could be executed without even being present: just leave behind the equipment.


One could probably simultaneously spoof ADS-B for added chaos.


Easily. I've heard that some systems are using trilateration to reject spoofed ADS-B but am not sure how widespread that is.

Trolling flightradar24 and like services would be easy.
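An added illustration, not part of any comment in this thread and not code from any deployed system: the position check mentioned above can be done as a time-difference-of-arrival (TDOA) consistency test, where ground receivers compare when they actually heard a message against when they should have heard it if it came from the position it claims. The receiver layout, positions, tolerance and function names are constructed assumptions, and the receivers are assumed to share a synchronized clock.

```python
import math
from itertools import combinations

C = 299_792_458.0  # speed of light, m/s

def arrival_times(emitter, receivers, t0=0.0):
    """Times at which each receiver hears a signal emitted at `emitter` at t0."""
    return [t0 + math.dist(emitter, r) / C for r in receivers]

def tdoa_residuals(claimed, receivers, times):
    """Observed minus expected TDOA (seconds) for every receiver pair.

    The unknown transmit time cancels out in each pairwise difference,
    so only the geometry of the claimed position is being tested.
    """
    residuals = {}
    for i, j in combinations(range(len(receivers)), 2):
        observed = times[i] - times[j]
        expected = (math.dist(claimed, receivers[i])
                    - math.dist(claimed, receivers[j])) / C
        residuals[(i, j)] = observed - expected
    return residuals

def position_is_plausible(claimed, receivers, times, tol_s=1e-6):
    """True if every pairwise residual is within tol_s (1 us is about 300 m)."""
    worst = max(abs(v) for v in tdoa_residuals(claimed, receivers, times).values())
    return worst <= tol_s

# Constructed sample data: local east/north/up coordinates in metres.
RECEIVERS = [(0, 0, 0), (30_000, 0, 0), (0, 30_000, 0), (30_000, 30_000, 0)]
CLAIMED = (12_000, 8_000, 3_000)      # position carried in the message
GROUND_EMITTER = (500, -300, 10)      # where the spoofed signal really originates

# Genuine aircraft: signal leaves from the position it reports.
GENUINE_TIMES = arrival_times(CLAIMED, RECEIVERS, t0=17.25)
# Spoofed message: same claimed position, different physical origin.
SPOOFED_TIMES = arrival_times(GROUND_EMITTER, RECEIVERS, t0=17.25)

if __name__ == "__main__":
    for label, times in (("genuine", GENUINE_TIMES), ("spoofed", SPOOFED_TIMES)):
        worst = max(abs(v) for v in tdoa_residuals(CLAIMED, RECEIVERS, times).values())
        ok = position_is_plausible(CLAIMED, RECEIVERS, times)
        print(f"{label}: worst residual {worst * 1e6:.2f} us, plausible={ok}")
```

The check needs at least two receivers that heard the same message, and it says nothing about who sent a message whose claimed and actual positions agree.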


That's certainly an interesting approach, but also spoofed by sending an ADS-B spammer on a balloon. Then, start flooding ADS-B with 10-100 messages a second.

Wireless systems without AAA and encryption and signing are effectively fucked.


This is an issue, but I wouldn't be too alarmist. It probably wouldn't crash a plane though, just severely cripple an airport. (Cause all take offs to be cancelled, all incoming flights diverted, and the planes in the air land one by one in order of fuel urgency using line of sight.)


Drones can cripple an airport this way now.


Good point. Exotic attacks are fun to think up, but the real threats are often much less "cool".


Just a basic bomb threat can shut down operations at most places. Not sure about an airport, but just making the threat can cause disruption pretty darn easily.


10 years ago a drone impacting an airport would have been almost sci fi.


Drones are cool


(not a pilot) I'd think causing the autopilot to believe it is substantially off-course would induce a sharp bank to correct course. That bank at low altitude can lead to a wing strike. If not, still seems plausible to deviate enough to impact obstacles near the runway.


No airplane low enough to have a 'wing strike' due to a bank would be on autopilot.

In any other condition, the pilot would see the runway well before the aircraft was at an altitude low enough to touch the ground in any sort of bank or turn.

A commercial airplane operating under Cat IIIa ILS at a Cat IIIa Airport could operate on autoland to the touchdown point.


Possibly? Not a pilot either (but I took multiple human factors courses which talk a lot about air crashes).

I'd hope that the pilot would notice something is off and abort the landing before that. (E.g., visually be like "oh, there is something on the runway I thought I was cleared on".)

Theoretically even if cleared for landing they should keep an eye out and abort if, say, an errant baggage cart was in the way.


Pilots aren't always that eagle-eyed, and it is of course much more difficult at night. The very close call of the Air Canada jet that nearly landed on four or five other jets waiting on the taxiway at SFO is a testament to just how badly this can go. And an attack that leads the aircraft into terrain or buildings could put the aircraft into a local minimum that it can't fly out of.

Frankly aviation is ripe for cyber attack. The problem is not simple to solve, mainly because introducing crypto into critical navigation systems will also introduce failures where legitimate service is interrupted due to system glitches. It will take crashing a jet before the industry decides to take this seriously, and it is entirely possible that a terrorist group or state actor will use this weakness. Government and industry can and would respond, but it would take money and time.


>Pilots aren't always that eagle-eyed, and it is of course much more difficult at night.

I would not place blame with a pilot who is cleared for landing, and fails to see something on the runway. Even if they are making a good faith effort to scan the runway, it's hard to see things from the sky with your eyes.

>It will take crashing a jet before the industry decides to take this seriously, and it is entirely possible that a terrorist group or state actor will use this weakness.

I agree it's an issue that should be worked on, but I think it's much more likely (as a parent pointed out) someone will simply fly a drone into the airspace.

After all, bird strike incidents are a major cause of crashes:

>The Federal Aviation Administration (FAA) estimates bird strikes cost US aviation 400 million dollars annually and have resulted in over 200 worldwide deaths since 1988.[56] In the United Kingdom, the Central Science Laboratory estimates[8] that worldwide, the cost of birdstrikes to airlines is around US$1.2 billion annually. This cost includes direct repair cost and lost revenue opportunities while the damaged aircraft is out of service. Estimating that 80% of bird strikes are unreported, there were 4,300 bird strikes listed by the United States Air Force and 5,900 by US civil aircraft in 2003.

https://en.wikipedia.org/wiki/Bird_strike


Birds do most of the work to avoid bird strikes, and are avoiding airplanes daily. The same can't be said for terrorists.


(Am IR pilot) Assuming someone is paying any attention, the autopilot suddenly nosing down and the vertical speed increasing would immediately result in missed approach procedures being executed. These approaches usually terminate at a pre-determined height (decision height) which unless you're flying CAT-IIIC (not really used) is minimum around 50ft and more commonly between 100 and 200ft. Therefore you have some room for error in the event something bad happens. Additionally, approach paths won't have any protruding objects within a certain range of the runway.


Former commercial pilot here: we used to be doing IIIC approaches at least 3 times a year.

For the rest, usually below 10,000 feet, there can never be "two heads up", so one pilot is always watching the instruments. Any deviation from expected parameters (airspeed, vertical speed, ILS deviation, radio altitude) will result in an unstabilised approach and thus the execution of missed approach procedures (a go-around).

As mentioned elsewhere, everyone in aviation knows these systems are as insecure as can be.

Edit: forgot to finish a sentence..


Interesting, didn't realize IIIC was widespread just yet. Is it being used down to zero/zero or are the published minimums higher typically?


We had to do 3 supervised IIIc approaches all the way. Other than for training purposes I never had to use it ;)


Wouldn't you yaw with rudder and asymmetric engine power when at low speed at a lower altitude, instead of using a bank turn?

If you could potentially cause a wing strike, why wouldn't you just trick the plane into landing on the taxiway, for maximum chaos?


This is news?

Def Con in 2012 https://www.youtube.com/watch?v=e1QAjCH_1oU




1939 and 1940: https://en.wikipedia.org/wiki/Battle_of_the_Beams

Ended when Germany moved the radio gear in preparation for invading Russia.



A lot of aviation runs on basic radio technology. ILS, VORs, all voice comms with ATC. It’s well known that these frequencies can be jammed or transmitted on by bad actors. If you want to do this, go ahead and roll the dice on having multiple federal agencies come down on you like a ton of bricks. See how it works out.

EDIT: (Since I can’t reply because HN for whatever reason prevents me from posting more than 2-3 replies per day): To clarify, yes I’m arguing that this is not newsworthy.


> all voice comms with ATC

This, specifically, is a feature, and why voice is still done over AM. It allows all planes to be heard by ATC, regardless of their transmission strength relative to other planes. AM signals "add" whereas FM tends to have a "capture" effect, and only receive the strongest signal (or most equally strong signals) at a time.

> ILS, VORs

Slightly OT, but I love the simplicity of design in these systems. They've actually inspired me to go, finally, take my HAM license exam. (Probably early next month due to scheduling.)

I sometimes feel like many systems built are just much too over-engineered and don't even attempt to exploit physics to do their job. On the other hand, as this article points out, VORs and ILS aren't authentication.

I still can't believe that the ADS-B system wasn't designed with some kind of authentication built in. It's newer and deals with transmitting arbitrary data.


> I sometimes feel like many systems built are just much to over-engineered and don't even attempt to exploit physics to do their job.

PAPI lights are my favourite example of this.

For those that don't know the system, PAPI lights are installed next to runway touchdown point and give visual feedback of vertical approach path: are you too low, too high or just fine.

Photo: https://i.imgur.com/Da8p3Uk.jpg Diagram: https://i.imgur.com/XSrUeD1.jpg

It needs no moving parts and no electronic control.

Each light has a filter that splits the beam into white and red sectors. Red is shown below a certain angle, white above. Each light is at a different elevation angle.

Photo: https://i.imgur.com/D0GvPHA.png Diagram: https://i.imgur.com/o2SRGE8.jpg (red lines are red/white sector boundary for each light)

Viewing from a very low angle, all four lights look red. Slightly above that, one of them turns white. At standard approach angle, two are white and two are red. A bit above approach path, the third one becomes white. At very high angles, the whole row is white.

PAPI lights become more precise as the aircraft gets closer. The system can serve any number of aircraft at the same time, does not have to track them, and does not require receivers/transmitters or any other on-board equipment.


GP's question asked about newsworthiness. How does this reply address that question?


>having multiple federal agencies come down on you like a ton of bricks.

Only if you get caught. How do they catch you if you set up the transmitters and then fled the scene?


If I may rephrase your perspective as I read it: "how do they stop people from breaking the law when it's still physically possible to occasionally break the law and get away with it?"

If that is in fact what you're asking, then there are a great many societal functions that you should be worrying about the stability of at a much higher priority than flight radio.


They trace the transmitters back to you. Fingerprints, other evidence at the scene, purchase records tied to serial numbers on the transmitters... there's a lot you'd have to get right to leave no way for them to find you.


> They trace the transmitters back to you

What? You can't "trace a transmitter" like this. You could triangulate someone's location while transmitting.

> purchase records tied to serial numbers on the transmitters

Yeah, I'm sure second hand sales would update this information if it exists in the first place at all, and even if it did, it's not like the transmitter transmits that information.


You brag about it somewhere on the Internet, the post gets traced back to your computer, and the parallel construction does a bunch of hand-waving about serial numbers and purchase records and electronics batch numbers and fingerprint matching.


>You brag about it somewhere on the Internet

So.. don't do it? If anyone with rudimentary SDR knowledge can build a system to interfere with aircraft landing, and they can get away with it by taking basic precautions (don't stay at the scene and don't brag), that's still pretty terrifying.


Anyone with decent opsec and pre-existing domain knowledge can easily get away with it while regular cops are watching or investigating. Yes, this is extremely terrifying. The only real deterrent is that national-security-interest-level investigators will probably take a look after any serious incident occurs, and then the perpetrator would need to have perfect opsec to remain uncaught. (And this might possibly be accomplished by never touching SDR again.)

Anyone without rudimentary opsec will likely be caught between the "shits and giggles" phase of experimentation and the "domestic terrorism" phase of doing something extremely stupid near an airport. This person will likely ask questions on a forum site that are sketchy enough that the regular hobbyists report the suspicious user. This is a pattern that repeats often: stupid criminal gets caught by talking about doing crimes, or by showing criminal behavior to non-criminals. Any crime large enough to require a conspiracy is also large enough to have a secret informant.

The biggest threat is someone with a legitimate interest in SDR, and enough skill to devise an attack unassisted, who experiences a psychological stress powerful enough to make them break, and turn against the civil order. That is extremely low probability, but still theoretically possible. People that decide to pick up a weapon and fight are likely to use what is at hand, and the expertise they already have, to attack. Everyone else in the field has a very strong interest in making sure that no one does anything overtly stupid with SDR, because even accidental missteps could ruin the profession/hobby for everyone, entire countries at a time.


I'm still at a loss as to why you think serial numbers matter.


They don't matter. It's a belief among the commoners that criminals can be traced by performing magical CSI rituals over the serial numbers. So if you are building a plausible parallel construction, you might say you traced the serial numbers.


Skimmed over the whitepaper and did not notice any mention of ILS monitoring systems. Modern ILS has continuous automatic monitoring that triggers alerts or shuts off the whole system if disturbance of beam characteristics is detected.

Such monitoring systems date back to the 1960s: https://sci-hub.tw/10.1049/ree.1967.0009


Ars Technica covers this story much better at https://arstechnica.com/information-technology/2019/05/the-r...



There's too much sensation on this headline. The hacker does not take control of the aircraft, simply gives misleading information to the pilot.

"Hacking" is a bit of a heavy handed word here, too.


ILS works pretty much the same way as the Lorenz/Knickebein system used in WWII by the Germans to guide bombers (described in https://news.ycombinator.com/item?id=19737056), so the attack described in TFA sounds basically the same as the countermeasures deployed by the British.


This is well known and has been for decades. Unlike attacks based on the internet though it’s trivial to track down people who are doing illegal broadcasts. There isn’t a concern here.


I can see all the politicians lining up now, “ME, ME, ME. Let ME remind the people that they are under attack”, from something they have no control over


Sounds like a single point of failure if the pilots rely on ATC too much. Low visibility landings and such.


How powerful would a malicious transmitter need to be in order to overpower the legitimate ILS signal?


If you got it close enough you could probably do it with a pretty low power transmitter. (Radio on a drone or something)


You'd need to be out by the transmitter in the middle of the airfield though to truly spoof it.


If you flew low at night I think you'd have a decent chance of getting a drone to the right location. You'll need either a decent setup or a decent position to control it though.

Although as others have mentioned, if you're trying to crash a plane or cause a disruption at the airport there's easier ways. Including just flying the drone over the runway (to close an airport).


HFDL and ACARS (encryption is optional) don't have much in the way of protection either.


How about MCAS?


Irrelevant to this discussion.


I think the point being made is that this feels an awful lot like a 'hey, don't keep talking about mcas.... look at this huge problem that terrorists might exploit (if they rent die hard 2), look how scary it is, boogaboogaboo'


I didn't know we could only talk about one thing at a time.

I don't think anyone has forgotten about MCAS

