On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems

Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology and improves airborne traffic situational awareness. Many types of mobile cockpit information systems (MCISs) are based on ADS-B technology. MCIS gives pilots the flight and traffic-related information they need. MCIS has two parts: an ADS-B transceiver and an electronic flight bag (EFB) application. The ADS-B transceivers transmit and receive the ADS-B radio signals while the EFB applications hosted on mobile phones display the data. Because they are cheap, lightweight, and easy to install, MCISs became very popular. However, because it lacks basic security measures, ADS-B technology is vulnerable to cyberattacks, which makes the MCIS inherently exposed to attacks. This is even more likely because they are power, memory, and computationally constrained. This study explores the cybersecurity posture of various MCIS setups for both types of ADS-B technology: 1090ES and UAT978. Total six portable MCIS devices and 21 EFB applications were tested against radio-link- based attacks by transmission-capable software-defined radio (SDR). Packet-level denial of service (DoS) attacks affected approximately 63% and 37% of 1090ES and UAT978 setups, respectively, while many of them experienced a system crash. Our experiments show that DoS attacks on the reception could meaningfully reduce transmission capacity. Our coordinated attack and fuzz tests also reported worrying issues on the MCIS. The consistency of our results on a very broad range of hardware and software configurations indicate the reliability of our proposed methodology as well as the effectiveness and efficiency of our platform.