back to article Meet the new aviation insecurity, same as the old aviation insecurity: Next-gen ACAS X just as vulnerable to spoofing as its predecessor

Aviation boffins have found that next-gen collision aircraft avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit. In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision …

  1. Anonymous Coward
    Anonymous Coward

    The paper concludes. "While causing mid-air collisions is unlikely...

    ... it is likely to get my paper talked about which is good enough for me'

  2. Mike 137 Silver badge

    real weaknesses of ACAS

    This is not gospel. but incidents I've researched where ACAS has failed to prevent collisions, it seems that its chief weaknesses are not the algorithm/rules it uses but that [a] it doesn't (or at least didn't) report to air traffic control so the latter never knew about its alerts unless the flight crew radioed them in [b] that pilots sometimes ignored the alerts because they are/were officially only called "advisories" and [c] that ACAS sometimes changed its mind at the last minute (but I believe that was fixed). Personally I'm somewhat concerned about using a probabilistic approach to what is actually quite a simple problem, as it introduced an additional element of uncertainty (probability is fundamentally an measure of uncertainty).

    Malicious attack is a quite different problem, which as far as I know has not yet resulted in an incident, even a near miss. Although it obviously shouldn't be ignored, it's probably not the most critical factor for a robust collision avoidance system.

    1. Yet Another Anonymous coward Silver badge

      Re: real weaknesses of ACAS

      There was a crash where one crew obeyed the ACAS and the other obeyed ATC. This has now been settled = if you get close enough for ACAS then ATC has screwed up so ignore them.

      One concern is that the cybersecurity requirements get to be too strict. You don't want to ignore a jet coming straight at you because their certificate expired at midnight.

      1. Dave 15

        Re: real weaknesses of ACAS

        But if there is no jet coming because it is a spoof then dont want to dodge

        1. Captain Scarlet Silver badge

          Re: real weaknesses of ACAS

          Yes but what if its in both planes blind spots?

      2. Anonymous Coward
        Anonymous Coward

        Re: real weaknesses of ACAS

        That was the 2002 Überlingen mid-air collision. The Tupolev crew listened to ATC instead of following instructions from TCAS. The father of some of the victims blamed the ATC, travelled to his house and murdered him. Sickeningly, he was then given a heroes welcome back home, appointed to a government position and given a medal for the killing.

        TCAS also doesn't work if your transponder is off. This caused the Gol Transportes Aéreos Flight 1907 crash.

    2. Claptrap314 Silver badge

      Re: real weaknesses of ACAS

      There is a huge difference between humans messing up and humans attacking a system. The fact that no attacks have been detected so far means NOTHING about the seriousness of a vulnerability to humans attacking.

      See also: anything AI related.

    3. Fursty Ferret

      Re: real weaknesses of ACAS

      Things changed markedly after that crash. TCAS is *always* followed. In a two pilot operation, the flying pilot will follow the TCAS instruction and the monitoring pilot will make a single radio transmission - "TCAS RA" - to inform ATC that they're no longer following their instructions.

      The system also supports reversions so if one of the aircraft doesn't follow their TCAS resolution advisory it will change the plan. Most TCAS RAs are a consequence of high rates of climb or descent in the terminal area (aircraft separation is only 1,000ft).

      I imagine the reason Heathrow is described as the ideal target is because of the four holding points surrounding the airport. You'd only have to trigger a climb from the lowest aircraft and the whole stack will climb in a sequence of TCAS RAs.

  3. Anonymous Coward
    Anonymous Coward


    Yet again, another junk paper making too much from too little. I'm sure they're still writing this pointless guff only because their grant money depends on output and their funding body somehow still thinks that "software defined radio" is still some sort of cool mystic incantation.

    I would be mildly more impressed if, with a cheap SDR and 500W transmitter on shore, they could spoof TCAS / ACAS for two separate aircraft 1,500 miles out into the ocean, but even there it's highly unlikely to ever cause an problem. Doing it within 80km of a major airport - which has got to count as some of the most watched airspace where the pilots are paying the most attention - is a bit like putting a fake traffic light pole with only a purple light on it in amongst the busiest junction in town, hanging a "please ignore this pole" sign on it and hoping word doesn't get around. No one is going to pay it the least bit of attention.

    "The consequences of such an attack are significant," the paper concludes. "While causing mid-air collisions is unlikely, this attack causes direct disruption with the potential effects rippling out and affecting many aircraft nearby. We propose that to manage the risk of this attack, air traffic managers could use our simulation approach to map out high-risk areas and deploy monitoring systems there."

    Oh good grief. It's never going to cause "direct disruption". And anything that could radiate 500Watts (which is a lot) in L band is already trivially locatable to even the most dull-witted RF spectrum monitoring agency, never mind a shit-hot airborne or spaceborne military SIGINT platform, even if they're using a directional antenna (they're not perfectly directional). Given that there's likely several countries that can already spot a transmitter of that magnitude anywhere on the face of the planet at any time, and many more countries that could catch such a transmitter within a short time of getting the call and launching an aircraft, there seems little need to pay any attention to this simulation or installing additional monitoring systems anywhere. Assuming you were concerned about the spoof in the first place...

    Furthermore, an L band transmitter of that power is likely to burn through the roll off for the RF filter in cheap GPS receivers in mobile phones. You could probably find out whereabouts such a spoofing transmitter was just by watching Twitter for people moaning about their phones losing GPS lock. Put out a Tweet saying why and where, and the mob might just lynch the perpetrators before the cops can get there.

    All in all, F- for impact, and U for repeating the same old pointless tripe time and again.

  4. Anonymous Coward
    Anonymous Coward

    To use the age-old adage - more eyes out and less eyes in? I am always concerned whilst being back in steerage about the possible lack of use of the Mk1 eyeball up front - even if the closing speed is 400mph. Too much trust is put on (T)ACAS generally...... Nothing substitutes for looking out and monitoring ATC - and not just for one's own ATC traffic either....

  5. EnviableOne Silver badge

    who knew?

    the more crowded the skies, the easier it is for a crash to happen.

    LHR is at capacity

    IAD has plenty to spare

  6. JCitizen

    COVID 19

    Well at least now with the pandemic and WAY less air traffic, maybe the time to solve this "crisis" can be dealt with in a more timely manner. I still say we are lucky the terrorists haven't discovered a way to take over the fly by wire used in modern commercial passenger jets, and simply fly it where they want it to go.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like