Abstract

As the core technology of next-generation air transportation systems, Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and rely on Garmin’s Datalink 90 (GDL-90) protocol for data exchange and encapsulation. This makes it essential to investigate the integrity of the GDL-90 protocol, especially against attacks on core subsystem availability, such as denial-of-service (DoS), which pose high risks to safety-critical and mission-critical systems such as those in avionics and aerospace. In this paper, we consider GDL-90 protocol fuzzing options and demonstrate practical DoS attacks on popular electronic flight bag (EFB) software operating on mobile devices. Then we present our own specially configured avionics pentesting platform and the GDL-90 protocol. We captured legitimate traffic from ADS-B avionics devices. We ran our samples through the state-of-the-art fuzzing platform American Fuzzy Lop (AFL) and fed AFL’s output to EFB apps and the GDL-90 decoding software via the network in the same manner as legitimate GDL-90 traffic would be sent from ADS-B and other avionics devices. The results showed a worrying and critical lack of security in many EFB applications where the security is directly related to the aircraft’s safe navigation. Out of the 16 tested configurations, our avionics pentesting platform managed to crash or otherwise impact 9 (56%). The observed problems manifested as crashes, hangs, and abnormal behaviors of the EFB apps and GDL-90 decoders during the fuzzing test. Our developed and proposed systematic pentesting methodology for avionics devices, protocols, and software can be used to discover and report vulnerabilities as early as possible.

Highlights

  • In United States aviation, the Federal Aviation Administration (FAA) is pushing a shift from Secondary Surveillance Radar (SSR) interrogations to the more modern Automatic Dependent Surveillance-Broadcast (ADS-B) technology in air traffic control.

  • We are the first to discover and report safety-critical Denial of Service (DoS) vulnerabilities found in a handful of the most popular aviation apps and mobile Electronic Flight Bags (EFBs) resulting from fuzzing the Garmin DataLink 90 (GDL-90) inputs.

  • We have demonstrated that carefully crafted wireless ADS-B communications can be used to achieve the same goals, i.e., crash EFB/ADS-B apps or ADS-B avionics devices, which can be due to GDL-90 or ADS-B vulnerabilities, or a handful of other reasons [5].


Summary

INTRODUCTION

In United States aviation, the Federal Aviation Administration (FAA) is pushing a shift from Secondary Surveillance Radar (SSR) interrogations to the more modern Automatic Dependent Surveillance-Broadcast (ADS-B) technology in air traffic control. Using a portable ADS-B transceiver (e.g., SkyEcho, Sentry, echoUAT) as a mobile cockpit solution is very trendy nowadays, especially in the general aviation sector. Such portable ADS-B devices provide service through an EFB application hosted on a mobile device. Garmin’s GDL-90 is one of the de facto standards leading the avionics industry, and is one of the main and most used protocols to exchange data between ADS-B devices (e.g., SkyEcho, Sentry, echoUAT) and EFB applications. We are the first to discover and report safety-critical Denial of Service (DoS) vulnerabilities found in a handful of the most popular aviation apps and mobile EFBs resulting from fuzzing the GDL-90 inputs.
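A receiver-side mitigation for the crashes and hangs on malformed GDL-90 input described above, as an added example that is not code from the paper or from any EFB vendor: a strict frame decoder that rejects bad framing, lengths and checksums before any message parsing. The framing (0x7E flag bytes, 0x7D escape with XOR 0x20, CRC-CCITT sent low byte first) follows the public GDL 90 Data Interface Specification; `MAX_FRAME`, `FrameError`, `decode_frame` and `check` are names and limits assumed for this example.

```python
FLAG, ESC = 0x7E, 0x7D
MAX_FRAME = 512  # assumed cap on one unstuffed frame; not a value from the paper

def _entry(i):
    crc = i << 8
    for _ in range(8):
        crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc
CRC_TABLE = [_entry(i) for i in range(256)]

def gdl90_crc(data):
    """CRC-CCITT as used for the GDL-90 frame check sequence (ID + payload)."""
    crc = 0
    for b in data:
        crc = (CRC_TABLE[crc >> 8] ^ (crc << 8) ^ b) & 0xFFFF
    return crc

class FrameError(ValueError):
    """Raised for any frame that must be dropped instead of parsed."""

def decode_frame(raw):
    """Return (message_id, payload) for one flag-delimited frame, else raise."""
    if not 5 <= len(raw) <= 2 * MAX_FRAME + 2:
        raise FrameError("frame length out of bounds")
    if raw[0] != FLAG or raw[-1] != FLAG:
        raise FrameError("missing flag byte")
    body, it = bytearray(), iter(raw[1:-1])
    for b in it:
        if b == FLAG:
            raise FrameError("unescaped flag inside frame")
        if b == ESC:  # an escape must be followed by the byte it protects
            nxt = next(it, None)
            if nxt is None:
                raise FrameError("dangling escape byte")
            b = nxt ^ 0x20
        body.append(b)
    if not 3 <= len(body) <= MAX_FRAME:
        raise FrameError("unstuffed length out of bounds")
    if gdl90_crc(body[:-2]) != int.from_bytes(body[-2:], "little"):
        raise FrameError("CRC mismatch")
    return body[0], bytes(body[1:-2])

def check(raw):
    """Classify a frame without letting an exception reach the receive loop."""
    try:
        decode_frame(raw)
    except FrameError as exc:
        return str(exc)
    return "ok"
```

Per-message field parsing should apply the same rule: check the payload length expected for each message ID before reading any field.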

BACKGROUND
GDL90 PROTOCOL EXTENSIONS
ADVANTAGES OF OUR APPROACH
OVERALL HARDWARE-SOFTWARE SETUP
RESULTS
VISUAL OBSERVATIONS
RELATED WORK
CONCLUSION
