A1 Journal article (refereed)
On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems (2022)


Khandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). On the (In)Security of 1090ES and UAT978 Mobile Cockpit Information Systems : An Attacker Perspective on the Availability of ADS-B Safety- and Mission-Critical Systems. IEEE Access, 10, 37718-37730. https://doi.org/10.1109/ACCESS.2022.3164704


JYU authors or editors


Publication details

All authors or editorsKhandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo

Journal or seriesIEEE Access

eISSN2169-3536

Publication year2022

Publication date04/04/2022

Volume10

Pages range37718-37730

PublisherInstitute of Electrical and Electronics Engineers (IEEE)

Publication countryUnited States

Publication languageEnglish

DOIhttps://doi.org/10.1109/ACCESS.2022.3164704

Publication open accessOpenly available

Publication channel open accessOpen Access channel

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/80743


Abstract

Automatic dependent surveillance-broadcast (ADS-B) is a key air surveillance technology and a critical component of next-generation air transportation systems. It significantly simplifies aircraft surveillance technology and improves airborne traffic situational awareness. Many types of mobile cockpit information systems (MCISs) are based on ADS-B technology. MCIS gives pilots the flight and traffic-related information they need. MCIS has two parts: an ADS-B transceiver and an electronic flight bag (EFB) application. The ADS-B transceivers transmit and receive the ADS-B radio signals while the EFB applications hosted on mobile phones display the data. Because they are cheap, lightweight, and easy to install, MCISs became very popular. However, because it lacks basic security measures, ADS-B technology is vulnerable to cyberattacks, which makes the MCIS inherently exposed to attacks. This is even more likely because they are power, memory, and computationally constrained. This study explores the cybersecurity posture of various MCIS setups for both types of ADS-B technology: 1090ES and UAT978. Total six portable MCIS devices and 21 EFB applications were tested against radio-link- based attacks by transmission-capable software-defined radio (SDR). Packet-level denial of service (DoS) attacks affected approximately 63% and 37% of 1090ES and UAT978 setups, respectively, while many of them experienced a system crash. Our experiments show that DoS attacks on the reception could meaningfully reduce transmission capacity. Our coordinated attack and fuzz tests also reported worrying issues on the MCIS. The consistency of our results on a very broad range of hardware and software configurations indicate the reliability of our proposed methodology as well as the effectiveness and efficiency of our platform.


Keywordsair trafficairplanesair navigation servicesair traffic controldata systemscyber securitycyber attacks

Free keywordsaircraft; aircraft navigation; transceivers; codes; computer crashes; aerospace electronics; surveillance; cybersecurity; attacks; ADS-B; ATC; ATM; UAT978; 1090ES; availability; DoS;


Contributing organizations


Related projects


Ministry reportingYes

Reporting Year2022

JUFO rating2


Last updated on 2024-22-04 at 14:32