Comment by jjwiseman

Comment by jjwiseman 4 days ago

16 replies

View on Hacker News

As other commenters noted, this is almost certainly not RF spoofing, just sending bad data to an aggregator (ADS-B Exchange) over the internet.

This instance of spoofing is notable for being the first that I know of that wasn't primitive vector art or text, but a raster image!

In that area of Florida multiple receivers would have picked up actual ADS-B broadcasts. ADS-B aggregators do have various anti-spoofing measures, but they're not impossible to circumvent.

The only case of actual RF spoofing of aircraft transponder signals that I know of was actually done by the U.S. Secret Service, which interfered with passenger jet collision alert systems (TCAS) by apparently broadcasting bogus signals near Ronald Reagan National Airport (KDCA): https://nymag.com/intelligencer/article/aviation-flights-whi...

jjwiseman 4 days ago

Just because I don't often get a chance to talk about this, I'll mention that there was a malfunction/accident/bug that caused what you might call spoofed signals to go out around Long Island and New York. Really interesting case where it seems that an FAA system wasn't handling magnetic declination correctly, which led to it generating false TIS-B targets that were rotated 13 degrees from real aircraft positions, from the radar antenna point of view: https://x.com/lemonodor/status/1508505542423064578

(TIS-B is a system that broadcasts ADS-B-like signals for aircraft that are being tracked by radar but either don't have ADS-B Out or otherwise might not be picked up by other aircraft with ADS-B In, e.g. maybe they're at a low altitude.)

There have been a couple other incidents with the TIS-B system. E.g. this apparent test near Dallas in 2022 that generated dozens of false targets in an interesting pattern: https://x.com/lemonodor/status/1481712428932997122 There was a similar incident around LAX several months later.

Reply View 2 replies
  • andyfowler 4 days ago

    whoa, i saw your initial tweet about this, but never saw your follow up that confirmed the magnetic declination association. the convergence back to the ground radar is brilliant. nice find.

    Reply View 0 replies
  • jacquesm 4 days ago

    Wow, that would appear to have some potential for bad stuff to happen.

    Reply View 0 replies
Scoundreller 4 days ago

Notably, the history of this aircraft shows MLAT as the source for all tracking. This spoof is the first ads-b “track” for this plane.

But there’s so much wrong with the data: 50k ft at 80knots (ground speed!) in a 747.

Reply View 4 replies
jjwiseman 4 days ago

(Of course if you were spoofing ADS-B RF signals you wouldn't necessarily need to be anywhere near the spoofed locations. Just like with GPS spoofing.)

Reply View 5 replies
  • Nextgrid 4 days ago

    Surely the receiver would run plausibility checks on the received messages and reject spoofed locations that are physically impossible to receive by said receiver?

    Reply View 4 replies
    • mschuster91 4 days ago

      > spoofed locations that are physically impossible to receive by said receiver?

      Wait until you hear about Sporadic-E or Aurora. RF is a weird place full of natural phenomena making the impossible very possible.

      Reply View 3 replies
      • Nextgrid 4 days ago

        But even if that was the case, is there any value for a receiver to be receiving those? Surely those messages would be picked up by a receiver closer to the transmitter anyway. I think the value in spoofing rejection is greater than the probability of a transmission reflecting from beyond the horizon and not being already being picked up by a local receiver.

        Reply View 2 replies
krferriter 4 days ago

I agree with this. Hopefully they're able to track down who did this. To upload to ADS-B Exchange you need an account. But it's not that difficult to get one. I'm not sure what kind of information they may be able to get on it. As you say the person who uploaded this may not be anywhere near there. The aggregators probably should have heuristics like if only one feeder in an area with a decent density of feeder coverage uploads an anomalous track, it should get flagged.

Reply View 1 reply
  • teiferer 4 days ago

    > Hopefully they're able to track down who did this.

    Why? Was anybody harmed?

    Hopefully they don't find out who did this. There was never any danger, and without this kind of joke, the world would be less fun.

    (Obviously it should be harder to fool critical systems, so this served also as a warning, but if you want to attack such a system, a real bad guy would do this in more subtle ways.)

    Reply View 0 replies