HACKING: The radio navigation planes use to land safely is insecure and can be hacked - ILS was never designed to be secure
Researchers have devised a low-cost hack..
May 15, 2019 - by Dan Goodin for arstechnica.com
Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking.
Radio signals, for instance, aren't encrypted or authenticated. Instead, pilots simply assume that the tones their radio-based navigation systems receive on a runway's publicly assigned frequency are legitimate signals broadcast by the airport operator. This lack of security hasn't been much of a concern over the years, largely because the cost and difficulty of spoofing malicious radio signals made attacks infeasible.
Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world.
Using a $600 software defined radio, the researchers can spoof airport signals in a way that causes a pilot's navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane's descent rate or alignment accordingly and create a potential accident as a result.
One attack technique is for spoofed signals to indicate that a plane's angle of descent is more gradual than it actually is. The spoofed message would generate what is sometimes called a "fly down" signal that instructs the pilot to steepen the angle of descent, possibly causing the aircraft to touch the ground before reaching the start of the runway.