Aviation Village - Wireless Attacks on Aircraft Instrument Landing Systems (ILS)

Zitieren

DEF CON

Sathaye, Harshad Schepers, Domien Ranganathan, Aanijhan Noubir, Guevara

Formale Metadaten

Titel

Aviation Village - Wireless Attacks on Aircraft Instrument Landing Systems (ILS)

Serientitel

DEF CON 27

Anzahl der Teile

335

Autor

Sathaye, Harshad

Schepers, Domien

Ranganathan, Aanijhan

Noubir, Guevara

Lizenz

CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/48482 (DOI)

Herausgeber

DEF CON

Erscheinungsjahr

2019

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

Modern aircraft heavily rely on several wireless technologies for communications control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems e.g., injecting ghost aircraft into airspace, spoof locations and manipulate key communication messages. However, the resilience of the aircraft landing systems to adversarial wireless attacks have not been studied in the open literature, despite their criticality and the increasing availability of low-cost SDR platforms. In this work, we investigate and demonstrate the vulnerability of aircraft instrument landing systems (ILS) to wireless attacks. In majority of airports today, commercial traffic is typically assigned some type of instrument approach into the landing phase to maintain smooth flow of traffic in and out of the airport environment. The demonstrated attacks can cause last-minute go around decisions, missing the landing zone in low visibility, and even cause crash landings depending on the level of automation in the future. We analyze the ILS waveforms and show the feasibility of spoofing such radio signals using commercially-available SDR. We show that it is possible to fully and in fine-grain control the course deviation indicator, as displayed by the ILS receiver, in real-time, and demonstrate it on aviation-grade ILS receivers. Additionally, we introduce a novel attack called the single-tone attack that significantly reduces the power requirements of the attack. We develop a tightly-controlled closed-loop ILS spoofer that autonomously adjusts the adversary’s transmitted signals based on the aircraft’s GPS location to cause an undetected off-runway landing. We demonstrate the integrated attack on an FAA certified flight-simulator’s (X-Plane) AI-based auto-land feature and show success rate with offset touchdowns of 18 meters to over 50 meters. We discuss potential countermeasures and show that unlike other aviation security issues that can be fixed with conventional crypto, they are ineffective against the demonstrated attack and securing ILS poses unique challenges.