On the Implications of Spoofing and Jamming Aviation Datalink Applications

Abstract

Aviation datalink applications such as controller-pilot datalink communications (CPDLC) and automatic dependent surveillance-contract (ADS-C) were designed to supplement existing communication systems to accommodate increasing air traffic. These applications are typically used to provide departure clearance, en-route services such as altitude and flight plan changes, air traffic surveillance and reporting, and radio frequency assignments. Unlike most attacks proposed so far where the attacker influences decision-making through manipulated instruments, attacks on aviation datalink provide adversaries with a new attack vector to influence the flight crew's decision-making through direct instructions. In this work, we perform a security analysis of these applications and outline the requirements for executing a successful attack. Specifically, we propose a coordinated multi-aircraft attack and show how an adversary capable of spoofing datalink messages and reactive jamming can influence the flight crew's decision-making. Through geospatial analysis of historical flight data, we identify 48 vulnerable regions where an attacker has a 90% chance of encountering favorable conditions for coordinated multi-aircraft attacks. Next, we implement a reactive jammer that ensures stealthy attack execution by targeting messages from a specific aircraft with a reaction time of 1.48 ms and 98.85% jamming success. Even though by themselves these attacks have a lower probability of endangering the safety of the aircraft, the threat is magnified when combined with attacks on other avionics. Finally, we discuss the possibility of executing integrated attacks on aircraft system as a whole emphasizing the importance of securing individual components in the aviation ecosystem.