Understanding Realistic Attacks on Airborne Collision Avoidance Systems

TL;DR

This paper investigates the vulnerability of airborne collision avoidance systems, especially ACAS X, to remote attacks that can trigger false alarms, potentially causing dangerous altitude deviations.

Contribution

It introduces a modeling approach to analyze attacker constraints and demonstrates the feasibility of triggering false alarms in ACAS X through simulation.

Findings

44% success rate in triggering false alarms at various scenarios

Average altitude deviation of 590 ft when attacks succeed

Higher success rate of 79% at lower altitudes

Abstract

Airborne collision avoidance systems provide an onboard safety net should normal air traffic control procedures fail to keep aircraft separated. These systems are widely deployed and have been constantly refined over the past three decades, usually in response to near misses or mid-air collisions. Recent years have seen security research increasingly focus on aviation, identifying that key wireless links---some of which are used in collision avoidance---are vulnerable to attack. In this paper, we go one step further to understand whether an attacker can remotely trigger false collision avoidance alarms. Primarily considering the next-generation Airborne Collision Avoidance System X (ACAS X), we adopt a modelling approach to extract attacker constraints from technical standards before simulating collision avoidance attacks against standardized ACAS X code. We find that in 44% of cases, an attacker can successfully trigger a collision avoidance alert which on average results in a 590 ft altitude deviation; when the aircraft is at lower altitudes, this success rate rises considerably to 79%. Furthermore, we show how our simulation approach can be used to help defend against attacks by identifying where attackers are most likely to be successful.