Security News > 2020 > October > Meet the new aviation insecurity, same as the old aviation insecurity: Next-gen ACAS X just as vulnerable to spoofing as its predecessor

Meet the new aviation insecurity, same as the old aviation insecurity: Next-gen ACAS X just as vulnerable to spoofing as its predecessor
2020-10-06 10:46

Aviation boffins have found that next-gen collision aircraft avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit.

In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X, due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.

An attacker can successfully trigger a collision avoidance alert which on average results in a 590 ft altitude deviation.

Today's collision avoidance system for aviation is known as TCAS, or Airborne Collision Avoidance System outside the US. It's an automated, transponder-based warning system designed to prevent near mid-air collisions.

ACAS X, which relies on a probabilistic model for its collision avoidance logic instead of the hardcoded rules of TCAS, is supposed to roughly halve the risk of collision [source PDF] compared to previous generations of kit, and reduce the number of advisories hectoring pilots.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/06/acasx_spoofing_vulnerability/