Airplane radio navigation systems are vulnerable to manipulation using software defined radio, researchers have shown.
Researchers have proven that a $600 software defined radio can be used to hack into airliners’ radio-navigation system, demonstrating a potentially dangerous flaw in the instrument-based systems that land planes ranging from private Cessna jets to large commercial airliners.
A team at Northeastern University used a commercially available software defined radio (SDR) to spoof radio signals from a plane’s instrument landing systems (ILS) to interfere with landing a single-engine plane using a flight simulator.
The research is just the latest to demonstrate vulnerability in legacy navigation systems. In 2014, for example, researchers at Trend Micro were able to use software-defined radio based attacks to trigger a range of phony messages, from false SOS and “man in the water” distress beacons to fake CPA (or Closest Point of Approach) alert and collision warnings on the Automated Identification System (AIS) used by ocean vessels.
In the latest study, researchers–from Northeastern’s Khoury College of Computer Sciences–demonstrated how they can spoof signals so that the plane’s instrumentation believes it’s off course when it’s actually not, “causing last-minute go-around decisions, and even missing the landing zone in low-visibility scenarios,” the team wrote in a paper, “Wireless Attacks on Aircraft Instrument Landing Systems,” posted online.
While in most cases, even the researchers acknowledge that their methods would not cause a fatal accident, the hack shows the vulnerability of the aviation industry’s long-used instrumentation-based landing system to potential compromise by bad actors.
Old technology, new hack
The ILS enables pilots to conduct an instrument approach to landing if they can’t establish visual contact with the runway by providing precision lateral and vertical position guidance that’s more accurate than what any GPS or other measurement system can provide.
The technology uses a combination of radio signals and also, in many cases, high-intensity lighting arrays to ensure pilots can land planes safely even in low visibility at night, in heavy fog or in other conditions that make it difficult for them to see the runway.
ILS was developed nearly a decade ago, so the technology–like many other legacy systems that exist today–was designed with no thought to hackers and other modern-day security threats, making them susceptible to manipulation by people clever enough to try.
“Security was never considered by design as historically the ability to transmit and receive wireless signals required considerable resources and knowledge,” they wrote.
However, that’s changed now with “the widespread availability of powerful and low-cost software-defined radio platforms,” such as an SDR–a radio communication system in which traditional hardware components are implemented using software on a PC or embedded system. This makes “the majority of wireless systems employed in modern aviation … vulnerable to some form of cyber-physical attacks.”
Attacks and conclusions
The team demonstrated this vulnerability by using a closed-loop ILS spoofer to launch two types of attacks on the auto-land feature of an FAA certified flight-simulator, X-Plane. They consulted with a pilot and a security researcher to ensure the validity of their work.
The first attack, called an over-shadow attack, transmitted pre-created ILS signals of higher strength signal to overpower legitimate signals. In the second attack, called a single-tone attack, the attacker transmits a single frequency tone signal at a specific signal strength lower than the legitimate signal strength to interfere with and control the deflections of the course deviation indicator needle.
In both scenarios, the researchers made certain assumptions about the attackers, including that they have complete knowledge of the physical characteristics of ILS signals and can transmit these radio-frequency signals over the air.
Researchers posted a video on YouTube showing the results of their efforts, demonstrating how their attack scenarios precisely control the approach path of an aircraft without alerting the pilots, resulting in “offset touchdowns of 18 meters to over 50 meters,” especially during low-visibility conditions, they wrote.
Failures and their avoidance
ILS failures are not an uncommon scenarios for pilots, who are well trained in how to handle them without the occurrence of a catastrophic event. Last year, pilots of an Air India Boeing 777-300 aircraft aborted a landing at JFK International Airport in New York after the plane’s ILS made it difficult to land in low-visibility conditions. They eventually landed safely at nearby Newark Liberty International Airport.
In case such a hack as the researchers demonstrated should occur, they offer possible countermeasures and technologies that can prevent the signals from being spoofed and pilots from receiving erroneous information from their ILS.
Cryptography as used in typical security solutions is one option, researchers suggested. However, while cryptographically securing GPS signals can prevent spoofing attacks to an extent, attackers still could relay the GPS signals with appropriate timing delays and succeed in a GPS location or time spoofing attack, tbey said.
“An alternative is to implement a wide-area secure localization system based on distance bounding and secure proximity verification techniques,” researchers suggested. They added that this would require bidirectional communication and warrant further investigation with respect to scalability, deployability, and other logistical concerns.