Almost all of the world’s planes are currently grounded, but getting them back up into the air will require more than the easing of lockdown restrictions worldwide. New research by threat researchers Pen Test Partners uncovers a worrying flaw in the collision detection systems that control aircraft while they’re mid-flight.
According to the researchers, nefarious hackers could force aircraft to move against their own will by spoofing the plane’s Traffic Alert & Collision Avoidance System (TCAS), which ensures it doesn’t come into contact with other airborne craft during a flight. The TCAS system uses transponders to scan the horizon for other planes, and communicates data between them – making sure to change course if it forecasts that it could collide with another plane.
But it’s easy to spoof the system and create a fake TCAS contact, pumping out information that claims a plane is flying in the path of an aircraft, causing the real plane to have to take evasive action.
Spoofing aircraft is easy
The results are worrying. “We rationalised this to the point where we only needed three fake aircraft to provide [a Resolution Advisory] that caused a climb of over 3,000 ft/min,” the researchers write.
They did so by creating signals in an aircraft simulator that indicated there were three planes flying one on top of each other in direct sight of the actual aircraft. The aircraft were presented in a wedge formation: the first fake plane was flying lowest and farthest ahead, the next one slightly above and further back, and the final one the furthest back and highest.
The wedge of fake planes emitting signals through spoofed transponders triggered the actual plane’s TCAS system, causing it to climb in order to fly above the purported problem and avoid an issue.
Potentially catastrophic consequences
But of course, the issue isn’t actually there. The fake planes don’t exist, and they’re just spoofed signals. What could actually happen is something far worse: by trying to avoid fake planes sending out signals, a real plane could end up on a collision course with another plane.
Beyond that, there are several other issues. For one thing, a jerky ascent or descent without any pilot control can be a major concern for passengers – and planes reacting like that without any reason would likely spook pilots who are being the controls.
And that’s a potential pitfall for another reason. The TCAS system provides pilots with audible, visible alerts that something is going wrong – and is deliberately intrusive in order to force pilots to take action in order to avoid catastrophe.
Creating a sense of distrust
If the TCAS system appears to malfunction, providing false positive recognition for aircraft that the pilot can see aren’t there – just as the spoof test demonstrated – then pilots are likely to distrust the system and the true positives it raises the alarm about. It’s possible for pilots to switch off TCAS from within their cockpit. If they think that the system doesn’t work, they might do that – and end up flying without any kind of warning system for mid-air collisions.
TCAS is being redeveloped, with a new generation of the system including GPS data, which the researchers say should make it harder to spoof. However, Pen Test Research aren’t so sure. “This clearly adds a layer of complexity to creating fake aircraft, but is well within the capability of any hobbyist with RF expertise,” they say. We’ll have to hope that pilots pay attention to the system – and that bad actors decide hacking planes is a step too far, even for them.
