Hacking Plane Navigation - ThreatWire Crosspost (Patreon)

By Shannon Morse, ThreatWire 

All planes, big and small, use radio to land. This is called an instrument landing system or ILS for short. They allow an airplane to precisely approach a runway with real time guidance on horizontal alignment and vertical angle during descent. This is super important at night or in bad weather when a pilot can’t see the runway.

Cost and difficulty have generally kept attackers at bay when it comes to hacking radio based navigation systems, but that’s changed in the past several years. Radio signals to and from airplanes aren’t encrypted or authenticated, and were never seen as being a potential vulnerability. And since that is the case, any tones that are broadcasted and read as ILS are assumed to be legitimate.

Researchers from Northeastern University of Boston were able to use a flight simulator of a single engine plane and a $600 commercially available software defined radio, a physical radio that can be used with a computer, to spoof airport signals that can screw up the navigational system of ILS in an airplane, making the pilot think the plane is off course when it’s actually fine. A pilot could adjust for the alignment error and attempt a landing, which could make the plane touchdown before actually reaching the runway, crash into other objects, or worse. Luckily, pilots are trained for this and would likely do a new approach or visually correct the landing, but the FAA calls for those kind of decisions at just 50 feet above ground, which severely limits the amount of time a pilot would be able to make that choice. And while ILS is definitely vulnerable, the likelyhood of this attack is minimal. It would be pretty obvious if someone was setting up an antenna on a plane or close enough to a runway to do this attack, and airports do monitor for interference on their communications. 

According to the researchers, security issues faced by the aviation community and technology could be fixed with cryptographic solutions, but those would not prevent localization attacks. There is no known way to fix the problem facing aviation and radio at this time.