Speaker – Harshad (@harshadsathaye)
Modern aircraft heavily rely on several wireless technologies for communications control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems e.g., injecting ghost aircraft into airspace, spoof locations and manipulate key communication messages. However, the resilience of the aircraft landing systems to adversarial wireless attacks have not been studied in the open literature, despite their criticality and the increasing availability of low-cost SDR platforms. In this work, we investigate and demonstrate the vulnerability of aircraft instrument landing systems (ILS) to wireless attacks ( https://www.youtube.com/watch?v=Wp4CpyxYJq4).
In majority of airports today, commercial traffic is typically assigned some type of instrument approach into the landing phase to maintain smooth flow of traffic in and out of the airport environment. The demonstrated attacks can cause last-minute go around decisions, missing the landing zone in low visibility, and even cause crash landings depending on the level of automation in the future. We analyze the ILS waveforms and show the feasibility of spoofing such radio signals using commercially-available SDR. We show that it is possible to fully and in fine-grain control the course deviation indicator, as displayed by the ILS receiver, in real-time, and demonstrate it on aviation-grade ILS receivers. Additionally, we introduce a novel attack called the single-tone attack that significantly reduces the power requirements of the attack. We develop a tightly-controlled closed-loop ILS spoofer that autonomously adjusts the adversary’s transmitted signals based on the aircraft’s GPS location to cause an undetected off-runway landing. We demonstrate the integrated attack on an FAA certified flight-simulator’s (X-Plane) AI-based auto-land feature and show success rate with offset touchdowns of 18 meters to over 50 meters. We discuss potential countermeasures and show that unlike other aviation security issues that can be fixed with conventional crypto, they are ineffective against the demonstrated attack and securing ILS poses unique challenges.
About the Speaker
Harshad is a Ph.D. student at Northeastern University’s Khoury College of Computer Sciences. He is a cybersecurity enthusiast with research interests around wireless systems security, specifically sophisticated navigation systems that are available today. He is also involved in developing secure cyber-physical systems with Prof. Aanjhan Ranganathan and Prof. Guevara Noubir as his advisors.