dammit render, you even have a slashdot uid lower than mine.
Why waste dev time on a SDR TX when you can buy a used transponder off ebay for cheap or just steal one?
Just sayin its not all that practical.
Because the SDR TX took one evening in Gnuradio to implement.
Third is data gathering from multiple sites. You cannot generate enough power / altitude from the ground to knock out a substantial range. Talk to some microwave RF guys. So use the ring of airports/radars around the transmitter.... Of course this sucks AT o'hare if the jammer is in the o'hare parking lot...
For ground purposes why can the ADS RX be on a narrow beam antenna? HMm a network of them just triangulated on you.
We aren't jamming. We're spoofing. Your idea regarding triangulation is generally correct, although they use multilateration, not direction of arrival. However, if your signal is only loud enough to be heard by a single station (or two stations), you can't multilaterate, and since 1090MHz is very much line of sight, the odds multiple stations will hear a ground-based spoofer are slim.
They HAVE To maintain it. Otherwise my learjet full of coke gets the "cloaked ship" star trek effect if I flip the transponder circuit breaker off. They're never, ever, going to give up on skin painting. Maybe some phb who's never ATC'd or piloted a plane made up some story, but...
I'm totally with you here. The problem is the FAA initially appeared not to recognize this; it appeared they wanted to maintain PSR/SSR in congested areas, but shut down some primary sites in less-trafficked areas. I am as glad as you are that they seem to understand the necessity of maintaining complete PSR/SSR.
Therefore, you could potentially cause an aircraft to maneuver to avoid an intruder which isn't actually there.
Talk to a pilot. The first thing you do is visual the incoming. So that limits it to IFR only conditions right off the top.
A successful attach is going to be pretty ineffective and very dangerous to attempt. I just don't see it as an issue.
If these attacks become popular, planes will just pop the tcas circuit breakers on order of ATC (probably in the ATIS/AWOS message?) and fly "pre-tcas" which works just fine.
I don't agree with this. Disabling TCAS is a hazard in itself, ESPECIALLY in IFR condx. This is a problem.
A "cheap" aviation transponder that understands Mode-S/ADS-B? Which one is that?
I'm one of the authors.
Unfortunately, transmitting live spoofed data into the real ATC system is Guantanamo fodder, and I'm trying to avoid becoming a domestic terrorist if at all possible.
That said, this wasn't merely a simulation: real ADS-B frames were transmitted by a low-cost SDR (into a dummy load) based on the position of a simulated aircraft flying in FlightGear. Those transmitted frames were received by the same SDR (alongside real frames from real aircraft), and the resulting tracks plotted in Google Earth.
See my comment here: http://tech.slashdot.org/comments.pl?sid=3065807&cid=41088873 for more information.
Hi, I'm one of the authors.
The demonstration used a COTS SDR to transmit ADS-B squitters from positions derived from an aircraft flying in FlightGear. The same SDR was simultaneously receiving ADS-B frames from real aircraft, *including* the spoofed frames being transmitted locally. The combined frames were brought into the Google Earth display for viewing. Criticism suggesting that "it's just a flight simulator, it's not real" is incorrect: these are valid, correct ADS-B frames, transmitted (into a dummy load), which will be received and decoded by ADS-B IN hardware. There is a spec (DO-260B), and the transmissions meet that spec.
The purpose of the demonstration was to show that valid ADS-B frames can be generated and transmitted by low-cost SDR hardware. This capability raises a number of interesting possible attack vectors, which were discussed in the presentation. The secondary purpose of the presentation was to get the FAA to clarify the countermeasures they plan on using to detect, identify, and eliminate spoofed transmissions from the data which controllers see. Specifically, there are two other sources of data they can use: multilateration, which depends on time-difference-of-arrival to calculate the originating position of a transmission (same principle as GPS); and maintaining a network of primary surveillance radar. Prior to this week (Steve Henn of NPR was the first to get the memo from the FAA), the FAA had not stated that they planned to maintain a full radar network, or to use multilateration to vet reports. In fact, reading older documentation, explicit mention is made of *shutting down* PSR to save money after ADS-B implementation is complete. So, you understand our concern.
Additionally, ADS-B IN implementation aboard aircraft (rather than ground stations) provides no facility for validating reports via TDOA; this means that you can inject false reports into aircraft which are listening to other ADS-B reports. Currently few aircraft support this capability, but for those that do, you can squit fake aircraft right into their traffic display.
Lastly, the last couple of slides from the Defcon presentation discuss an attack vector against TCAS, the collision avoidance system aircraft use to maintain separation when ATC fails to do so. This attack vector is particularly concerning because it provides direct pilot guidance: a false aircraft on a collision course will create audio and visual warnings in the cockpit (a "resolution advisory"). Therefore, you could potentially cause an aircraft to maneuver to avoid an intruder which isn't actually there. Obviously, this is concerning, and I'm unaware of any way to combat this.
So yes, the presentation may have looked "FUDdy" without background into the problem, but there are real security issues here which need to be dealt with.
The faster I go, the behinder I get. -- Lewis Carroll
