On The Security of Mobile Cockpit Information Systems

Lundberg, Devin Alec; Farinholt, Brown; Sullivan, Edward J.; Mast, Ryan; Checkoway, Stephen; Savage, Stefan; Snoeren, Alex C.; Levchenko, Kirill

doi:10.1145/2660267.2660375

Cited by 9 publications

(6 citation statements)

References 26 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Portable ADS-B transceivers (e.g., SkyEcho2, Sentry, and echoUAT) connected to smartphones are popular, especially in the GA sector. However, according to Lundberg et al [22], [23], these mobile setups are not part of the aircraft on-board systems. Thus, they do not meet and are not required to meet the reliability standards applied to traditional avionics.…”

Section: Related Workmentioning

confidence: 99%

Cybersecurity Attacks on Software Logic and Error Handling Within ADS-B Implementations: Systematic Testing of Resilience and Countermeasures

Khandker¹,

Turtiainen²,

Costin³

et al. 2022

IEEE Trans. Aerosp. Electron. Syst.

View full text Add to dashboard Cite

Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in the ADS-B architecture. In this paper, we demonstrate and evaluate the impact of multiple cyberattacks on ADS-B via remote radio frequency links that affected various network, processing, and display subsystems used within the ADS-B ecosystem.Overall we implemented and tested 12 cyberattacks on ADS-B in a controlled environment, out of which 5 attacks were presented or implemented for the first time. For all these attacks, we developed a unique testbed that consisted of 13 hardware devices and 22 software that ran on Android, iOS, Linux, and Windows operating systems, which result in a total of 36 tested configurations. Each of the attacks was successful on various subsets of the tested configurations. In some attacks, we discovered wide qualitative variations and discrepancies in how particular configurations react to and treat ADS-B inputs that contain errors or contradicting flight information, with the main culprit almost always being the software implementation. In some other attacks, we managed to cause Denial of Service (DoS) by remotely crashing/impacting more than 50% of the test-set that corresponded to those attacks.Besides demonstrating successful attacks, we also implemented, investigated, and report herein some practical countermeasures to these attacks. We demonstrated that the strong relationship between the received signal strength and the distance-toemitter might help verify the aircraft's advertised ADS-B position and distance. For example, our best machine learning models achieved 90% accuracy in detecting spoofed ADS-B signals, which may be effectively used to distinguish ADS-B signals of real aircraft from spoofed signals of attackers.

show abstract

Section: Related Workmentioning

confidence: 99%

Cybersecurity Attacks on Software Logic and Error Handling Within ADS-B Implementations: Systematic Testing of Resilience and Countermeasures

Khandker¹,

Turtiainen²,

Costin³

et al. 2022

IEEE Trans. Aerosp. Electron. Syst.

View full text Add to dashboard Cite

show abstract

“…Portable ADS-B transceivers (e.g., SkyEcho2, Sentry, echoUAT), which are operated with iPads and other tablets are favored by many general aviation pilots due to the ease of setup, ease of use, and affordable pricing. As these devices are not per-se part of the onboard avionics, Lundberg et al [55], [56] pointed out that these devices do not, nor do they need to, meet the standards of traditional avionics (e.g., RTCA, ARINC, EUROCAE). The authors also found vulnerabilities on all of their test samples and recommended further product development steps to the device and software designers.…”

Section: Attacks On Avionics Systems and Protocolsmentioning

confidence: 99%

GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices–A Cybersecurity Pentesting Perspective

Turtiainen¹,

Costin²,

Khandker³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

“…Many GA pilots use MCIS, which is very handy and easy to install. Lundberg et al [30] found that this type of mobile setup is not a part of the onboard systems. Thus, its reliability does not meet the standards applied to traditional avionics such as radio technical commission for aeronautics, aeronautical radio incorporated, and the European organisation for civil aviation equipment.…”

Section: Related Studiesmentioning

confidence: 99%

“…Even though the security of ADS-B is heavily researched, Lundberg et al [30] have provided as the sole contribution to MCIS security. However, technology and the demand for MCIS have drastically changed since that study.…”

Section: Related Studiesmentioning

confidence: 99%

On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems–An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems

Khandker¹,

Turtiainen²,

Costin³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology and improves airborne traffic situational awareness. Many types of mobile cockpit information systems (MCISs) are based on ADS-B technology. MCIS gives pilots the flight and trafficrelated information they need. MCIS has two parts: an ADS-B transceiver and an electronic flight bag (EFB) application. The ADS-B transceivers transmit and receive the ADS-B radio signals while the EFB applications hosted on mobile phones display the data. Because they are cheap, lightweight, and easy to install, MCISs became very popular. However, due to the lack of basic security measures, ADS-B technology is vulnerable to cyberattacks, which makes the MCIS inherently exposed to attacks. Attacks are even more likely for the MCIS, because they are power, memory, and computationally constrained. This study explores the cybersecurity posture of various MCIS setups for both types of ADS-B technology: 1090ES and UAT978. Total six portable MCIS devices and 21 EFB applications were tested against radio-link-based attacks by transmission-capable software-defined radio (SDR). Packet-level denial of service (DoS) attacks affected approximately 63% and 37% of 1090ES and UAT978 setups, respectively, while many of them experienced a system crash. Our experiments show that DoS attacks on the reception could meaningfully reduce transmission capacity. Our coordinated attack and fuzz tests also reported worrying issues on the MCIS. The consistency of our results on a very broad range of hardware and software configurations indicate the reliability of our proposed methodology as well as the effectiveness and efficiency of our platform.

show abstract

On The Security of Mobile Cockpit Information Systems

Cited by 9 publications

References 26 publications

Cybersecurity Attacks on Software Logic and Error Handling Within ADS-B Implementations: Systematic Testing of Resilience and Countermeasures

Cybersecurity Attacks on Software Logic and Error Handling Within ADS-B Implementations: Systematic Testing of Resilience and Countermeasures

GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices–A Cybersecurity Pentesting Perspective

On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems–An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems

Contact Info

Product

Resources

About