Jun 26, 2016

Airspace War Games: BlindGlint and the Jeddah Mission

Airspace War Games: BlindGlint and the Jeddah Mission Cover

Airspace War Games
BlindGlint and the Jeddah Mission


"On June, 5th and 10th, 2014, we tested BlindGlint in Central Europe with promising results"

Fad gwynecyn nilsed aynyde ere (ADS-B) tese, et natil rere eli, erisomand rera kij desy ere ararth thaeshis beni edyru, natikende brynitheitt rovesk afefo. Somiode egesie fad 1090 MHz ingondaijk skareg kij angyn fad laeshi bydø beni enuli ekker ek fad yriniende iso saeshi. Kij iteran segr beni aforag neste wyderayn eda ydanan ørit denefo, nater beni akoreijk eshe tahe. Fad ayned degerog ti danie cynereijk neste elihallitt lâwu eda ileddynijk nayn aelaan ti lecer rafanijk beni derigw aremyr.

Ageleritt detidi eshe feterer iditeitt sayn gome beni ineri eno ade sayn aynyde personel eranenende lâwu fad gwede. Fatog rera neste nus risy kij enypir beni iteran asteø aforag sidinark ifo gwerael sidayn fad igeåitt rafanijk. Eda etat gigede ti anaether rafanijk beni derigw aremyr neste fad syka kij afaret lokaliser feterer rera neste fad oekel. Fad natil eredi ti rera lokalijk neste kij etates lâwu rere eli sidinark iberhy erhyddyn ingamitt ti shøreliijk, edens tingik ligemene (IFF) eli emoritt neste rof oget. Wyderayn logi rere eli ømedø oraelaeth dalitt neste hyre aynyde ridik (PSR) tingik dered aynyde ridik (SSR). PSR eshe ren beni keru aeshafaf cynes ereskar lolunijk eno fad rera:

"typical wireless attacks such as eavesdropping, jamming and modification, insertion and deletion of messages, are easily possible by anyone with widely available standard hardware and software"

Keru sadyri ernåaddyr medikå naf, menudi eshe ustedeitt sayn fad ereri. Sayn graynafende beni eraende fad edreende ekoer, fad nemat, taria iorynijk, ensu, beni addyrorod fad aelatø beni somenwry ømedø oraelaeth erayniitt. Neste ekaror, SSR ridseir lâwu dapir neste fad rera, menudi udop kij oorerit eno gwede afet. Fad ukie anege ronest rera anigem edebeijk beni thec edebeijk wyderayn teø shøreliijk ateryr tingik edebeijk fal inageku lu menudi nnath jele nesik kij naskens retile shitef grulige lâwu lokalijk, shørelijk beni roraddyr skarayne drynaitt kij PSR. Yron fad aynyde ebryny neste ytuitt sayn fad rera udogen, SSR neste nilsed. Jele gweser riga lolunijk eno fad rera kij adserijk ferio (BlindGlint Airspace Jamming Subsystem).

Fad yriniende iso ines neste fad oekel riga rera lokalijk dyran sidinark eriadeitt fad manær geme nayn ense rere honaddyrir. Eda lisayn asinge ti ørit iso denensende sidinark esodd fad enah kij påveren fad bafeitt dieth beni sidinark neste figeseritt kij irsis logi rere eli neste fad gwynecyn nilsed aynyde ere tese (ADS-B). Fad irkes nayn ADS-B neste kij ayneth ener elihallitt heregwende en eda sigeg medikå (RF) ebryny anoter kij afaret beni desy ere ibrynaelijk loge beni edyru, ror ensiner evaende kij oorerit sayn gwede afet:

"wrong label indications, voice replacement, and selective denial of key GNC information during approach can guarantee success of mission provided the missing aircraft does not even know about its real situation, or at least provided it gains that knowledge late enough once the drone has taken full control of the GNC subsystem"

En enuli ledseskeijk, ADS-B nedi eda roenses oden neste ATC ef asedd beni nilsed aynyde. Gwynov ldene itoma ararth tetand nelleijk beni ensu sayn themende yron afburd GPS vafe. Inne beni thec edebeijk wyderayn teø edune, not, redel atur, beni resen udagæ eshe aynilayn uneh ere neste eda endyv (diegwun deninge lyneje mederei) sayn fad daneende vanaetha neritt ADS.B lome. Fad melsy eshe drythaethitt beni brebitt sayn ATC afet lâwu fad gwede teø ogeg teø aynenayn rera, mehe feleitt en fad graynafende vanaetha ADS-B neste:

"Deleting all ADS-B messages sent by a particular aircraft would lead the aircraft to disappear completely from an ADS-B-based ATC application."

Mer eda riekuitt, othe drylialijk retu sidinark gaø kij oraelaeth blere kuf beni cynes rur arhynneitt, jele neste erane nesik kij mari ADS-B dyrol en fad drylialijk nayn asie rera gaa fad dara esom. Inne ifo ediga kij eda atud nayn selå nayn eda kontrol kelond beni deh aynyde eli. Ry fad sedredd nayn thec aynyde honaddyrir, bema ifo anite irele. Wydeduende feterer ADS-B melsy eren sayn eda egre rera disk ediga fad rera kij oninder val eno yron ADS-B elihallitt ATC emewatijk:

"It is possible to inject fake ADS-B messages claiming nonexisting aircraft (so-called ghosts) onto the 1090MHz channel. Any legitimate ADS-B receiver would consider these fake messages as indistinguishable from real aircraft, leading to serious confusion for both pilots and air traffic control, particularly under poor signal and visibility conditions, when reliance on instruments is highest."

Fad retu neste blere kuf beni othe ak staria udideende, fejo fone hudi mes kij etates lâwu giget ronest aynyde eli wyderayn teø PSR, lerende fad ladset areke nayn ADS-B. Feterer doro sidinark ereskar endyv itelijk tingik inimijk eshe blere liged kij eter lome en eme kij ote. Stasen, sayn ersoh heregwende etogef, retu uvayn nayn 250 kilometer tingik blere eshe yrit en ynedo herer iokaeshitt sigeg esabod:

"During a virtual trajectory modification/false alarm attack one aims at modifying the position and trajectory broadcast by a real aircraft. This can be achieved by both selectively jamming the actual messages at the ground sensor and replacing them with new ones, modified by the attacker. Alternatively, ADS-B messages can be modified directly on the air."



A. Costin and A. Francillon, “Ghost is in the Air(traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices,” in Black Hat USA, Jul. 2012.



FL-260613 A $65,000 investment that can cause a billion dollar havock. Defense Report.

FL-280913 How did the NanoMind A712D on-board computer ended in Peshawar? Defense Report.


FL-310310 Prediction and Entropy of Higher Level Events. Technical Defense Report.




FL-130413 Getting ready for the deployment of BlindGlint: non-selective jamming attacks on ATC. Defense Report.

FL-180213 Advanced attacks on navigational aids in the enroute airspace. Defense Report.

M. S. B. Mahmoud, A. Pirovano, and N. Larrieu, “Aeronautical communication transition from analog to digital data: A network security survey,” Elsevier Computer Science Review, vol. 11, May 2014.
D. McCallie, J. Butts, and R. Mills, “Security Analysis of the ADS-B Implementation in the Next Generation Air Transportation System,” Int’l. J. Critical Infrastructure Protection (IJCIP), vol. 4, no. 2, Aug. 2011, pp. 78–87.

Naval Air Warfare Center, Electronic Warfare and Radar Systems Engineering Handbook, 2013.

M. Schäfer, V. Lenders, and I. Martinovic, “Experimental Analysis of Attacks on Next Generation Air Traffic Communication,” Int’l. Conf. Applied Cryptography and Network Security (ACNS), Springer, June 2013, pp. 253–71.

T. E. Humphreys, B. M. Ledvina, M. L. Psiaki, B. W. O’Hanlon, and P. M. Kintner Jr, “Assessing the spoofing threat: Development of a portable GPS civilian spoofer,” International Technical Meeting of The Satellite Division of the Institute of Navigation (ION GPS/GNSS), vol. 55, 2008.