ADS-B a terrorist tool?

[sba55]

Hmm...I guess the FAA obviously isn't even close to having considered all the issues with ADS-B.


http://www.ndtv.com/article/technology/a-phone-application-that-threatens-security-56673

 

[chucky]

Do you suppose there was a time when the first word associated with 'aircraft' was something other than 'terrorist'?

"...features which could be used to target an aircraft with a surface-to-air missile..." I think if there's already a surface-to-air missile in the picture, you've got problems even without the app.

 

[bbchien]

Yes this is a problem.

There are credible tales of Al-Queida watching the Robotic boeing camera feeds from the ground.

It is always STUPID to underestimate the opposition.

 

[chucky]

I don't see how this is a significant security risk. If you want to find an airplane, you find an airport and sit under the approach path. You want to find a specific airplane, you do it with a scanner. If someone has a SAM, I agree there's a big problem, but I don't think ADS-B makes things worse.

 

[John Collins]

I seriously doubt that the IPhone has a built in 1090ES receiver, so I assume that the application must be obtaining a commercially available feed of the ADSB traffic. If so, it would seem that the feed could be controlled.

All turbojet are required to use mode S transponders. With a mode S receiver, one can already determine the flight ID of the aircraft and other parameters, so determining the ID of an aircraft that is overhead would not be a difficult problem to solve, with or without ADSB.

With a transponder interrogator, one could locate and home in on a mode S target. If the terrorist could afford an anti-aircraft missile, they could afford a transponder interrogator. Regardless if they used an interrogator or an ADSB receiver, it would still require some sophisticated engineering to tie it into a missile guidance system.

In my opinion, ADSB provides no more exposure than the current radar system and mode S transponders.

 

[Joe B]

I seriously doubt that the IPhone has a built in 1090ES receiver, so I assume that the application must be obtaining a commercially available feed of the ADSB traffic. If so, it would seem that the feed could be controlled.

Roger that. EuroControl does not provide any kind of ATC feed as our FAA does, so an independent outfit called AirNav has stepped in to fill the breach. They sell ADS-B receivers which tell the user who's overhead - and network back to the home shop to give a Europe-wide picture of aircraft aloft (more or less). And unlike the FAA's feed there's no five-minute delay.

Controlling the data stream could be accomplished by law, but putting that law in place throughout all countries with ADS-B may be an interesting exercise.

Regards,
Joe

 

[azure]

Roger that. EuroControl does not provide any kind of ATC feed as our FAA does, so an independent outfit called AirNav has stepped in to fill the breach. They sell ADS-B receivers which tell the user who's overhead - and network back to the home shop to give a Europe-wide picture of aircraft aloft (more or less). And unlike the FAA's feed there's no five-minute delay.

What five minute delay?

 

[mikea]

Yes this is a problem.

There are credible tales of Al-Queida watching the Robotic boeing camera feeds from the ground.

It is always STUPID to underestimate the opposition.

Maybe the DOD shouldn't have given the camera contract to X10.com

 

[kkoran]

I seriously doubt that the IPhone has a built in 1090ES receiver, so I assume that the application must be obtaining a commercially available feed of the ADSB traffic. If so, it would seem that the feed could be controlled.

From the article linked to in the first post:

The firm behind the app, Pinkfroot, uses a network of aircraft enthusiasts in Britain and abroad, who are equipped with ADS-B receivers costing around 200 pounds to intercept the information from aircraft and send it to a central database.

​

 

[kkoran]

ADS-B is no more a terrorist tool than a light aircraft. Neither presents much of a threat by itself; each requires an additional component (such as a manpad for ADS-B or the proverbial 500 lbs. of C4 for a light plane) to be effective.

Since the homeland security apparatus considers GA pilots to be terrorist until proven otherwise, it seems only right that everyone with a smartphone should be suspect and treated accordingly.

 

[mantakos]

The hard part about shooting down an airliner with a surface to air missile isn't finding an airplane to shoot down. That goal can be achieved by, like, looking up in the sky.
-harry

 

[jesse]

Perhaps if they were that concerned about the ADS data they should have implemented some strong encryption. Common sense....

 

[fgcason]

The hard part about shooting down an airliner with a surface to air missile isn't finding an airplane to shoot down. That goal can be achieved by, like, looking up in the sky.
-harry

So that means eyesight is an active terrorist threat. They should poke everyone's eyes out so they can't see airliners. But, but, but, but, the blind people might hear the airliners so everyone should be deafened as well. Of course they can still walk so they might carry a bomb into a building so.... Of course toilet paper is flammable thus it could be used as a terrorist weapon also.


Psychotic paranoid nutjobs, the whole lot of them. A century ago, every one of those the sky is falling berzerkers would be in an asylum wearing jackets that the sleeves tie in the back - which is exactly where they should all be sent.

 

[sba55]

Psychotic paranoid nutjobs, the whole lot of them. A century ago, every one of those the sky is falling berzerkers would be in an asylum wearing jackets that the sleeves tie in the back - which is exactly where they should all be sent.

Couldn't have said it better myself.

 

[JeffDG]

The hard part about shooting down an airliner with a surface to air missile isn't finding an airplane to shoot down. That goal can be achieved by, like, looking up in the sky.
-harry

You get you eyes down, dammit! Damn terrorists looking up at the sky seeing airplanes...

 

[Bob Noel]

This kind of discussion is problematic. The people who have studied this probably can't say a lot about the known vulnerabilities of ADS-B or provide a lot of insight into how those vulnerabilities are mitigated.

However, note that the 28 May (iirc) final rule in the federal register has
some FAA responses to security/vulnerability comments.

 

[kkoran]

Perhaps if they were that concerned about the ADS data they should have implemented some strong encryption. Common sense....

What data elements would you encrypt? Keep in mind that the data needed for TCAS and ADS-B based traffic avoidance has to be available.

 

[mantakos]

Perhaps if they were that concerned about the ADS data they should have implemented some strong encryption. Common sense....

Note that the data that this app (and things like flightaware.com) draw on is not "intercepted" in any way, nor is it specific to ADS-B, it's taken via a legal feed from some FAA computer.

Also, any kind of traffic system is necessarily going to publicly advertise the locations of aircraft, that's unavoidable, it's simply what they do.

That's not to say that ADS-B doesn't have some security issues big enough to drive a truck through, but they lie more in the area of ensuring the authenticity of messages than in privacy, which inherently runs counter to one of the purposes of traffic avoidance systems.
-harry

 

[jesse]

What data elements would you encrypt? Keep in mind that the data needed for TCAS and ADS-B based traffic avoidance has to be available.

Note that the data that this app (and things like flightaware.com) draw on is not "intercepted" in any way, nor is it specific to ADS-B, it's taken via a legal feed from some FAA computer.

Also, any kind of traffic system is necessarily going to publicly advertise the locations of aircraft, that's unavoidable, it's simply what they do.

That's not to say that ADS-B doesn't have some security issues big enough to drive a truck through, but they lie more in the area of ensuring the authenticity of messages than in privacy, which inherently runs counter to one of the purposes of traffic avoidance systems.
-harry

From what I've read there is no Euro feed and private companies are receiving and distributing the ADS-B feed. This app is pretty much useless in the U.S since ADS-B equipped aircraft are so rare.

Aircraft could still negotiate traffic resolution between each-other while limiting the data they exposed to each other. Plenty of smart crypto people in the technology field that could work this out.

I'm not saying that it's necessary to do any of this. I'm saying that if the government thought this data was so damn important in the first place it should have been engineered better.

 

[mantakos]

... This app is pretty much useless in the U.S since ADS-B equipped aircraft are so rare...

Our government apparently doesn't consider such data to be secret:

http://flightaware.com/​

I tend to not consider it secret, either.

But you're right, that article claims that the data this app is showing is derived from a network of land-based ADS-B receivers, and so such data could be collected without the cooperation of a government agency, as we have here in the US.

I don't think there's a practical technical solution that would allow this data to be used for traffic systems while also preventing it from being collected and disseminated.
-harry

 

[TMetzinger]

Um....

First, it's a broadcast system, so whatever data is broadcast can be read by any compatible receiver. Since autonomy (the ability of any receiver to read the data) is part of the design, you either encrypt the whole stream but give every manufactured receiver the ability to decrypt it (why bother), or you encrypt certain fields and leave others in the clear.

The bare minimum needed clear data to allow ATC ot display you and other aircraft to avoid you would be:

A unique ID (so they can tell YOUR message from the hundreds others they get in the same second)
GPS lat and long
Altitude data

With that information broadcast every second a computer can take that data and derive track and speed.

Some additional data that is part of a standard message that makes life easier for receivers:
Groundspeed
Course
NS Velocity
EW Velocity
Vert Velocity

It WOULD be possible to encrypt some of this data, and fields like aircraft type or other "personal" information. But a terrorist could still know that there's an airplane out there, and from the altitude and speed information could determine the potential "value" of the target.

Only if you forced everyone to somehow register their ADS-B receivers and load them with an expiring cryptographic certificate so that they stop working on schedule, could you... never mind, the risk of the "secure" system failing and causing loss of life would be higher than the risk of a terrorist using the data.

 

[sba55]

Note that the data that this app (and things like flightaware.com) draw on is not "intercepted" in any way, nor is it specific to ADS-B, it's taken via a legal feed from some FAA computer.

No, in the case of this app, the data _is_ intercepted. It doesn't come from a gov't feed, but rather from a volunteer network of ADS-B receivers. Unlike flightaware, this data is real-time and there's currently no way to "turn it off". Whether that is a problem is a different question - I'm just surprised that this has come up as a surprise.

 

[jesse]

No, in the case of this app, the data _is_ intercepted. It doesn't come from a gov't feed, but rather from a volunteer network of ADS-B receivers. Unlike flightaware, this data is real-time and there's currently no way to "turn it off". Whether that is a problem is a different question - I'm just surprised that this has come up as a surprise.

As am I. They should have expected this to happen. If any of the supporters/designs of the system act "shocked" about it now they should be fired.

If they didn't want this to happen it needed to be designed entirely different.

 

[JeffDG]

No, in the case of this app, the data _is_ intercepted. It doesn't come from a gov't feed, but rather from a volunteer network of ADS-B receivers. Unlike flightaware, this data is real-time and there's currently no way to "turn it off". Whether that is a problem is a different question - I'm just surprised that this has come up as a surprise.

It's not "intercepted"...it's received.

Remember the "-B" is for Broadcast, in that it's sent out for any and sundry receivers to listen in on.