Tomcat
Professional
- Messages
- 2,695
- Reaction score
- 1,072
- Points
- 113
Experts from Pen Test Partners have reported an issue affecting the computer systems of commercial aircraft. The Traffic Collision Avoidance System (TCAS) can be tricked into forcibly changing the direction of an airplane in the air.
Researchers have developed an effective TCAS spoofing method using a $ 10 USB dongle for digital video broadcasting and a malicious transponder to communicate with the aircraft. With the help of systems simulating real airplanes, an attacker can force an airplane controlled by an autopilot to change altitude in a given direction.
Fake planes can activate an aircraft's collision avoidance system, warning the pilot to either climb or descend to avoid a mid-air collision. As the experts noted, in some cases (mainly Airbus aircraft) the aircraft automatically follows the so-called “Resolution advisory” instructions of the TCAS system and goes up or down without the participation of the pilot.
The researchers were able to successfully demonstrate this attack on a flight simulator.
TCAS uses responses from secondary surveillance radar transponders - there are two types used to calculate the position of another aircraft. Mode S transmits a unique 24-bit aircraft address along with altitude and position data from GPS, while Mode C only transmits a 4-digit transponder code and altitude information, so the TCAS device itself calculates range and heading based on these transmissions. Data packets are sent on 1090 MHz using Manchester-encoded PPM at 1 Mbps. The data structure is actually easy to decode and thanks to a cheap $ 10 USB DVB dongle, you can modify the aircraft data yourself.
