The plane, it's 'splained, falls mainly without the brain: We chat to boffins who've found a way to disrupt landings using off-the-shelf radio kit

DoS cyber-attacks are not just for websites, they may also be for aircraft ILS

Video Aircraft instrument landing systems (ILS) are susceptible to radio signal spoofing using off-the-shelf equipment, boffins have found, calling into question the adequacy of aviation cybersecurity.

In a research paper titled "Wireless Attacks on Aircraft Instrument Landing Systems," scheduled to be presented at the 28th USENIX Security Symposium in August, computer scientists Harshad Sathaye, Domien Schepers, Aanjhan Ranganathan, and Guevara Noubir demonstrate that it's possible to interfere with ILS data in real-time, potentially causing aircraft to discontinue a landing approach ("go around") or miss the landing area entirely in a low-visibility situation.

The researchers, based at Northeastern University in Boston, USA, are also scheduled to demonstrate some of their findings today at ACM WiSec 2019.

In a phone interview with The Register, Aanjhan Ranganathan, assistant professor in the Khoury College of Computer Sciences, said he was hesitant to characterize the attack techniques discussed in the paper as capable of causing a crash.

"If a human is completely out of the loop, then this is possible," he told us today, adding that could become more of an issue in the years to come if fully automated landings become common.

But the more immediate concern is that malicious individuals may use this technique to disrupt airport operations by tricking pilots into aborting landing attempts. "You can cause something like denial of service," he said.

ILS helps pilots make an instrument approach when the landing strip is not visible. It provides both vertical and lateral guidance and defines three major categories, CAT I, CAT II and CAT III, based the decision height at which missed approach maneuvers must be undertaken when the runway cannot be seen.

The attacks described in the paper are of particular concern during CAT III operations, where the decision height is low, making it possibly too late to regain altitude and try to land again.

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'


ILS, the paper explains, is the most common precision approach system used by commercial aircraft today. It's not the only assistive landing system – there's the Microwave Landing System (MLS), the Transponder Landing System (TLS), the Ground Based Augmentation Landing System (GLS), and the Joint Precision Approach and Landing System (JPALS). Nor is it the only source of navigation data. But its ability to resist cyberattacks is still a matter of significant concern.

"Given the heavy reliance on ILS and instruments in general, malfunctions and adversarial interference can be catastrophic especially in autonomous approaches and flights," the paper says.

The Northeastern University eggheads have designed two wireless attacks on ILS. The first they call the "overshadow attack," which involves sending specific ILS signals at a high power level to overpower legitimate ILS signals. The second they call a single-tone attack that interferes with a legitimate ILS signal through the transmission of a lower power frequency tone that alters the plane's course deviation indicator needle.

The attacks were tested with commercial available software-defined radio equipment (USRP B210s), an attacker control unit (a laptop running Ubuntu Linux with four submodules, including a spoofing zone detector, offset correction algorithm, legitimate signal generator, and attacker signal generator), a commercial aviation grade handheld navigation receiver, and the X-Plane 11 flight simulator (to avoid injuries and remain within the law, which prohibits open air transmission of ILS signals).

That's several thousand dollars in gear but Ranganathan said the necessary tech could be had for six or seven hundred dollars. Generating a signal that's powerful enough to have an effect avionics systems at 5,000 feet might be a problem, he said, but that's easy enough to achieve with a few car batteries.

The effect of the attacks is to misdirect ILS, which could disrupt a landing attempt or even cause a crash if the pilot fails to recognize the plane is landing off the runway. The researchers have made this video, which illustrates in a computer simulation how their spoofing technique would, ideally, work:

Youtube Video

While encryption can help secure aviation systems, it's not a complete fix. "Cryptography will prevent spoofing but won't stop record-and-replay attacks," Ranganathan said.

As far as mitigation go, systems like GPS can help, though GPS too has been shown to be vulnerable to spoofing. Ranganathan's answer for now is that humans need to remain in the loop.

"It's a very open problem and the only way to do this is two-way communication," he said. ®

Broader topics

Other stories you might like

  • Google sours on legacy G Suite freeloaders, demands fee or flee

    Free incarnation of online app package, which became Workplace, is going away

    Google has served eviction notices to its legacy G Suite squatters: the free service will no longer be available in four months and existing users can either pay for a Google Workspace subscription or export their data and take their not particularly valuable businesses elsewhere.

    "If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services," the company said in a recently revised support document. "The G Suite legacy free edition will no longer be available starting May 1, 2022."

    Continue reading
  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining this science, maybe not

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading

Biting the hand that feeds IT © 1998–2022