Governance & Risk Management , IT Risk Management , Next-Generation Technologies & Secure Development

Researchers: Aircraft Landing Systems Vulnerable

Study Finds Bogus Instrument Landing System Signals Could Send Planes Off Course
Researchers: Aircraft Landing Systems Vulnerable
Researchers say they've been able to spoof critical radio signals required for an airplane to align with a runway.

The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments.

See Also: New OnDemand | Cyber Risk Graph: Solving the Data Problem of Proactive Security

But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways. The research is due to be presented at the Usenix Security Symposium in Santa Clara, Calif., in August, but the paper has been released in advance.

The paper is authored by Harshad Sathaye, Domien Schepers, Aanjhan Ranganathan and Guevara Noubir of the Khoury College of Computer Sciences at Northeastern University in Boston.

The research paper

The attack could be performed with software-defined radios, or SDRs, that cost just a few hundred dollars, the researchers write. The majority of wireless systems used in aviation are at risk of some form of cyber-physical attack, they contend.

"Over the years, the aviation industry has largely invested and succeeded in making flying safer," the researchers write. "Security was never considered by design as historically the ability to transmit and receive wireless signals required considerable resources and knowledge."

Signal Confusion

The test was carried out in close consulation with aviation experts and not with a real, flying plane. Instead, the researchers used the FAA-approved X-plane professional flight simulator and mimicked a landing at a mid-size airport in the U.S. in a laboratory setup.

Modern airplanes have a variety of guidance systems, but there are only two that provide precision guidance during landing: GPS and the Instrument Landing System, or ILS.

ILS uses radio signals as a plane approaches a runway to figure out how the plane is aligned with a landing strip. The "localizer" subsystem of ILS provides data on horizontal alignment.

Radios on the left side of the runway emit a 90 Hz tone, while the right side emits a 150 Hz tone. For an aligned landing, both signals should be at the same amplitude. Another subsystem, the glidescope, relates the plane's vertical position in a similar way.

In poor weather conditions, pilots are dependent on ILS. "If the instruments ask them to fly right, the pilots will fly right," according to the paper.

Many of the navigation tools in airplanes accept unauthenticated signals and are vulnerable to spoofing attacks, and ILS is no different. The researchers developed two kinds of attacks, both of which could cause ILS receivers to display arbitrary alignment. The effects could cause a pilot to overshoot the runway or miss it completely.

The first - called an "overshadow" attack - uses a rogue SDR to overpower the legitimate signals the ILS should be receiving. An ILS is designed to lock onto the strongest signal it receives, regardless if it is illegitimate.

The second attack is called a "single tone" attack. It seeks to interfere with one of the 90 Hz or 150 Hz tones. But unlike the overshadow attack, that signal does not have to be more powerful than the authentic one to cause problems. The transmission of a single tone can cause deflections in the course deviation indicator needle, according to the researchers.

In a video demonstration, the researchers show that the pilot's instruments indicate the airplane is aligned with the runway before landing, when in fact it's not.

Although a single-tone attack may be tricky to pull off, it could allow for a denial-of-service type scenario. "Such an attack, especially in an aircraft's final moments before landing can be disastrous," the researchers write.

Secure System Needed

The logical fix would be to ensure that signals received by the ILS are and encrypted and authenticated. But it's not that simple, unfortunately. The researchers write that encryption can potentially be overcome in localized attacks, as is possible with GPS.

"We highlight that implementing cryptographic authentication on ILS signals is not enough as the system would still be vulnerable to record and replay attacks," they write. Therefore, through this research, we highlight an open research challenge of building secure, scalable and efficient aircraft landing systems."


About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.