So from the reading I did a while ago on ADS-B, the new kinda-mesh-network-y protocol for planes to report their position to air traffic control, there is basically no security baked into the protocol.

Nothing's encrypted, nothing's signed. Packets may be passed on peer-to-peer to allow traffic data to get around gaps in ground station reception, with no way to authenticate that it came from the original plane untampered-with.

Follow

The network ID numbers (equivalent of an IP address or phone number) are publicly available, so an attacker could trivially inject fake traffic pretending to be real planes.

I dunno, I worry about this shit.

· · Web · 1 · 1 · 1

@brion its been a potential vuln since 2012 but nothing too bad has happened - there are various other ways of working out if the 1900 MHz signal is from aircrafts or someone with a transmitter on the ground (unsurprisingly the aviation authorities and the Air Forces won't say exactly what these are or how often the data is audited!)

@brion is this related to stuff in this defcon talk from a few years back by renderman?
https://youtube.com/watch?v=CXv1j3GbgLk
Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!