In the United States on any given day there are approximately 87,000 flights criss-crossing the country and the world. Generally the feeling is that for the most part flying is fairly safe but if the information out of this year’s Defcon hacker conference is true we might want to think twice about that assumption.
While Righter Kunkel was careful not to give the specifics he did show how easy it is to affect air traffic control, jam radar, or even stop planes from taking off. It takes a little bit of prep work in order to pull anything like this off but once you have gotten yourself a fake id, a doctor’s aviation certificate, and a student pilot card you can log into the FAA’s pilot registration site.
This is where the fun starts because at this point you can submit your flight plans which then will have the system treat you as a trusted user. Now this is the theory part but if you were to submit an extremely large number of flight plans you could overwhelm the system.
…. essentially a denial of service attack. That could bog down the whole system. Kunkel said the FAA itself has said that some of its networks are improperly linked. He found that one system uses Telnet. Kunkel said he wouldn’t talk about the significance of that fact, but the implication was it could be used to launch a cyber attack.
The FAA found in its own report, issued in May, that there were 763 vulnerabilities in 70 web applications that are used internally at the FAA. It’s a damning report, Kunkel said, but the FAA says it is working on fixing some problems, including some fixes that will go into place by February, 2010.
Source: VentureBeat :: Defcon air traffic control hacker: Excuse me while I change your aircraft’s flight plan
Not exactly re-assuring is it.