When the terrorists in Die Hard 2 interfere with an airport’s instrument landing system, the result is a fiery explosion as a plane meets the runway 200 feet before its pilots expect it to.
“Of course, that’s fiction,” says Northeastern doctoral student Harshad Sathaye. “But the instrument landing system is a very simple analog system. It can be spoofed.”
Using a relatively inexpensive setup, Sathaye and his fellow researchers recently demonstrated that they could hack an instrument landing system and direct a plane to land off target. While such an attack is unlikely to cause a plane to crash, it could be used to disrupt the operations of an entire airport.
“Our group’s mission has always been to build secure systems with foolproof designs, considering the most advanced attackers possible,” says Aanjhan Ranganathan, an assistant professor in the Khoury College of Computer Sciences. “As you show the problems, you can start building solutions.”
Pilots rely on instrument landing systems to guide them in low-visibility situations. Towers on the ground issue radio signals that instruments on the plane translate into vertical and horizontal positioning. Pilots can make sure they are centered on the runway and see the angle of their approach. Although these systems have gone through many improvements, the basic technique has been the same since it was first used in the 1930s.
“Security was not the prime objective, functionality was,” Ranganathan says. “Today, it is extremely easy for a civilian to transmit radio signals. Not that much expertise is required to cause a plane to go off track.”
The researchers demonstrated two ways to attack an instrument landing system. The first involves broadcasting a high-powered signal to overshadow the legitimate one. The instruments on the plane follow the stronger signal. The second attack requires less power. The researchers broadcast a signal that merges with a portion of the legitimate one, causing a slight course deviation.
They also designed an algorithm that adjusts their fake signals as the plane approaches, so the instruments on board continue to show that the plane is on-target.
“We know the location of the plane, because either the plane is broadcasting its location or the device itself is inside the plane,” says Guevara Noubir, a professor of computer sciences and director of Northeastern’s cybersecurity graduate program. “The power, the signal, everything is adjusted as a function of the current location of the plane.”
Pilots still have runway lights and other indicators to make sure they are on-target. But on a foggy night, a pilot might get fairly close to the runway before realizing something is wrong. While the researchers expect that alert pilots would be able to safely abort the landing, this would result in serious delays at the airport.
And in the future, if airplanes were automated without a pilot to oversee things, the results could be disastrous.
“It would be very difficult for an autopilot to figure out there’s something wrong,” Sathaye says. “The autopilot will blindly follow the instruments. And that’s about it.”
Closing this gap in security will be a challenge, the researchers say. There are plenty of existing techniques to encrypt data, but protecting the physical characteristics of a radio signal is a lot more complicated.
“That’s the thing about wireless,” says Sathaye. “Anyone can listen and anyone can transmit.”