Tag Archives: Flightradar24

Vulnerable To Cyber Attacks, ADS-B May Expose F-22s To Web Based Tracking GAO Warns

A new report highlights the risks of ADS-B transponders. But it focuses on technology rather than operation security.

We have been writing about this topic since 2011. As most of our readers already know by now, Flightradar24 and PlaneFinder are two famous Web-based services that let anyone who has an Internet access on their computer, laptop or smartphone, track flights in real-time.

Aviation enthusiasts and geeks, journalists but also curious people use these portals to get details about civil and military flights all around the world.

The ADS-B system uses a special transponder that autonomously broadcasts data from the aircraft’s on-board navigation systems about its GPS-calculated position, altitude and flight path. This information is transmitted on 1090 MHz frequency: ground stations, other nearby aircraft as well as commercial off-the-shelf receivers available on the market as well as home-built ones, tuned on the same frequency, can receive and process this data.

Flightradar24 and PlaneFinder rely on a network of several hundred (if not thousand) feeders who receive and share Automatic Dependent Surveillance-Broadcast (ADS-B) transponders data and contribute growing the network and cover most of the planet.

Obviously, only ADS-B equipped aircraft flying within the coverage area of the network are visible.

Actually, in those areas where coverage is provided by several different ground stations, the position can be calculated also for those planes that do not broadcast their ADS-B data by means of Multilateration (MLAT). MLAT uses Time Difference of Arrival (TDOA): by measuring the difference in time to receive the signal from four different receivers, the aircraft can be geolocated and tracked even if it does not transmit ADS-B data.

Although the majority of the aircraft you’ll be able to track using a browser (or smartphone’s app) using the above mentioned Web-based tracking services are civil airliners and business jets, military aircraft are also equipped with Mode-S ADS-B-capable transponders: a 2010 Federal Aviation Administration rule requires all military aircraft to be equipped with ADS-B transponders by Jan. 1, 2020, as part of its program to modernize the air transportation system.

RQ-4 Global Hawk tracked during its mission near Crimea and over Ukraine on Jul. 20, 2017. The U.S. Air Force Global Hawk UAS are among the assets that can be regularly tracked online. (Screenshot from Flightradar24.com)

But, these are *usually* turned off during real war ops. Usually, not always.

In fact, during opening stages of the Libya Air War in 2011 some of the combat aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net. And despite pilots all around the world know the above mentioned flight tracking websites very well, transponders remain turned on during real operations, making their aircraft clearly visible to anyone with a browser and an Internet connection. As a consequence, we have been highlighting the the risk of Internet-based flight tracking of aircraft flying war missions for years. In 2014 we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circled over the Ghazni Province. Back then we explained that the only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations. US Air Force C-32Bs (a military version of the Boeing 757 operated by the Department of Homeland Security and US Foreign Emergency Support Team to deploy US teams and special forces in response to terrorist attacks), American and Russian “doomsday planes”, tanker aircraft and even the Air Force One, along with several other combat planes can be tracked every now and then on both FR24.com and PF.net.

A U.S. Air Force F-22 Raptor departs after receiving fuel from a KC-135 Stratotanker, assigned to the 340th Expeditionary Air Refueling Squadron, during a mission in support of Operation Inherent Resolve Aug. 22, 2017. According to GAO, ADS-B poses a threat to the Raptor stealthiness as it may expose the aircraft presence. (U.S. Air Force photo by Staff Sgt. Michael Battles)

Today, military planes belonging to different air forces as well as contractor and special operations planes can be regularly tracked while flying over Iraq, Afghanistan, Tunia, Egypt and many other “hot spots”.

A Government Accountability Office report released last month highlighted the risks of ADS-B. According to the watchdog agency neither the Department of Defense nor the FAA have taken significant steps to mitigate security risks associated with openly transmitting flight data from military aircraft (highlight mine):

Information broadcasted from ADS-B transponders poses an operations security risk for military aircraft. For example, a 2015 assessment that RAND conducted on behalf of the U.S. Air Force stated that the broadcasting of detailed and unencrypted position data for fighter aircraft, in particular for a stealth aircraft such as the F-22, may present an operations security risk. The report noted that information about the F-22’s precise position is classified Secret, which means that unauthorized disclosure of this information could reasonably be expected to cause serious damage to the national security.

Such risks have been highlighted since 2008 according to GAO:

In DOD’s 2008 comments about FAA’s draft rule requiring ADS-B Out technology, the department informed FAA that DOD aircraft could be identified conducting special flights for sensitive missions in the United States and potentially compromised due to ADS-B technology. Such sensitive missions could
include low-observable surveillance, combat air patrol, counter-drug, counter-terrorism, and key personnel transport. While some military aircraft are currently equipped with Mode S transponders that provide individuals who have tracking technology the altitude of the aircraft, ADS-B poses an increased risk.

Moreover, there are concerns since the ADS-B technology is vulnerable to jamming and cyber attacks. GAO:

For example, a 2015 Institute of Electrical and Electronics Engineers article about ADS-B stated that ADS-B is vulnerable to an electronic-warfare attack — such as a jamming attack — whereby an adversary can effectively disable the sending and receiving of messages between an ADS-B transmitter and receiver by transmitting a higher power signal on the ADS-B frequencies. The article notes that while jamming is a problem common to all wireless communication, the effect is severe in aviation due to the system’s inherently wide-open spaces, which are impossible to control, as well as to the importance and criticality of the transmitted data. As a stand-alone method, jamming could create problems within the national airspace. Jamming can also be used to initiate a cyber-attack on aircraft or ADS-B systems. According to the article in the 2015 Institute of Electrical and Electronics Engineers publication, adversaries could use a cyber-attack to inject false ADS-B messages (that is, create “ghost” aircraft on the ground or air); delete ADS-B messages (that is,make an aircraft disappear from the air traffic controller screens); and modify messages (that is, change the reported path of the aircraft). The article states that jamming attacks against ADS-B systems would be simple, and that ADS-B data do not include verification measures to filter out false messages, such as those used in spoofing attacks.

Lack of solutions:

Although DOD, FAA, and other organizations have identified risks to military security and missions since 2008, DOD and FAA have not approved any solutions to address these risks. This is because DOD and FAA have focused on equipping military aircraft with ADS-B technology and have not focused on solving or mitigating security risks from ADS-B. The approach being taken by FAA and DOD will not address key security risks that have been identified, and delays in producing an interagency agreement have significantly reduced the time available to implement any agreed-upon solutions before January 1, 2020, when the full deployment of ADS-B Out is required.

So, GAO urges DoD and FAA to approve solutions that can address operations, physical, cyber-attack, and electronic warfare security risks; and risks associated with divesting secondary-surveillance radars (since the idea is to divest legacy radars and replace them with ADS-B only). However, based on our experience, proper procedures should be adopted (provided they are not there yet) in order to prevent big OPSEC failures. Indeed, whilst securing ADS-B is a must, it’s probably more important to turn off the Mode-S and ADS-B transponders when conducting missions that need to remain invisible (at least to public flight tracking websites and commercial off the shelf receivers). Unless the transponder is turned on for a specific purpose: to let the world know they are there. In fact, as reported several times here, it’s difficult to say whether some aircraft that can be tracked online broadcast their position for everyone to see by accident or on purpose: increasingly, RC-135s and other strategic ISR platforms, including the Global Hawks, operate over highly sensitive regions, such as Ukraine or the Korean Peninsula, with the ADS-B and Mode-S turned on, so that even commercial off the shelf receivers (or public tracking websites) can monitor them. Is it a way to show the flag? Maybe.

Summing up, FR24.com, PF.net, home-made kits etc. are extremely interesting and powerful tools to investigate and study civil and military aviation; until ADS-B is made more resilient and secure, air forces around the world have only to consider the risk of public flight tracking when executing combat missions in the same way other details, such as radio communications policies and EMCON (Emission Control) restrictions, are already taken into account.

Many thanks to @CivMilAir for helping preparing this article.

First Prototype Of Brazilian KC-390 Military Cargo Aircraft Almost Crashed During Stall Tests Last Month

Pilots of the KC-390 were only able to recover the aircraft 300 meters from the ground.

Embraer has grounded the first prototype of the new KC-390 military cargo jet after a stall test incident on Oct. 12. According to the Brazilian planemaker, the scheduled test pushed the aircraft beyond its operating limits, however Brazilian Aero Magazine media outlet, that has talked to an engineer involved in the project who asked to remain anonymous, something else happened in the skies near Embraer Unidade Gavião Peixoto Airport, the private airport located near Gavião Peixoto, Brazil, owned and operated by Embraer: an incident that almost ended in a tragedy.

As reported by Aero Magazine, the KC-390 registered PT-ZNF was performing critical pre-stall tests, that involved high-AOA (Angle Of Attack) and  ice formation on wings. During the maneuver, an equipment used for the tests, detached from its place and rolled to the back of the cargo compartment causing a sudden change in the center of gravity (CG) of the aircraft. As a consequence of the rapid displacement of the CG the pilots lost control of the airlifter, that stalled and started to spin towards the ground. Reportedly, the pilots were able to recover the aircraft as it was only 1,000 feet (about 300 m) above the ground, and landed the KC-390 safely in Gavião Peixoto airfield.

Analysis of the track based on the KC-390 ADS-B transponder using the popular Flightradar24.com plane-tracking website suggests that the cargo prototype plunged from about 20,000 feet to around 3,000 feet, between 13.25UTC and 13.28UTC, with a peak vertical speed of -30,976 fpm. However, based on the ADS-B raw data, the area where the test flight was taking place is not covered by receivers at altitudes below 2,800 feet, therefore it is possible that the aircraft was recovered well below 3,000 ft and that the transponder signal was detected once the aircraft had climbed again to a safe altitude after recovering from the spin.

The track followed by the KC-390 during Oct. 12 test flight. Note the vertical speed of about -31,000 fpm at 11,375 ft.

Two KC-390 prototypes have been built, the second one being example PT-ZNJ that made its first flight on Apr. 28, 2016. PT-ZNF made its maiden flight on Feb. 3, 2015.

H/T Jaime Maia for the heads-up

Gigantic U.S. Global Hawk drone could be tracked online while flying 21-hour mission over Libya

We can’t say whether it happened by accident or on purpose, but a U.S. unmanned spy aircraft broadcast its position for everyone to see while flying a long mission over northern Libya.

It’s not a secret that U.S. Air Force RQ-4 Global Hawk UASs (Unmanned Aerial Systems) belonging to the 9th Operations Group/Detachment 4th of the U.S. Air Force deployed to Sigonella, Italy, from Beale Air Force Base, California, have been flying ISR (Intelligence Surveillance Reconnaissance) missions in support of EUCOM, AFRICOM and CENTCOM theater mission tasking since 2011.

The Global Hawks of the flying branch had their baptism of fire on Mar. 1, 2011, and were the first to fly over Libya to perform high altitude Battle Damage Assessment sorties on targets located in regions with  a residual SAM (Surface-to-Air Missiles) and MANPADS threat after Operation Odyssey Dawn was launched on Mar. 19, 2011.

From their deployment bases in the middle of the Mediterranean Sea and from Al Dhafra, UAE, the HALE (High Altitude Long Endurance) drones are regularly tasked with intelligence gathering missions over North Africa, East Europe and Middle East: in March 2015, the U.S. Air Force acknowledged the involvement of the RQ-4 Global Hawk unmanned surveillance aircraft in the air war on ISIS not only as an IMINT (Imagery Intelligence) platform but also as Battlefield Airborne Communications Node (BACN) platform, that replaces the imagery sensor package normally installed in the aircraft, to support ground ops by relaying communications between people and aircraft as well as enabling airstrikes on the Islamic State militants.

Like all the other spyplanes, during their (long) sorties, these strategic ISR drones typically tend to keep a low-profile: they operate in “due regard” with transponder off, with no radio comms with the ATC control, using the concept of “see and avoid” where the pilot flying is responsible for avoiding all traffic conflicts, much like a VFR flight plan without flight following. For this reason it should not be possible to detect RQ-4s on clandestine missions using “simple” commercial receivers like those feeding online flight tracking systems such as Flightradar24.com, PlaneFinder.net or Global ADS Exchange.

But Global Hawks could be tracked online over Ukraine beginning on October 2016 and, for the very fist time, while conducting a 21-hour mission over northwestern Libya on Feb. 4, 2017.

Indeed, yesterday an RQ-4 could be tracked on FR24.com taking off from Sigonella airbase around 1.30AM UTC, climb to 46,000 feet over the sea then head towards Libya where it circled for several hours.

Tracking while heading southbound (screenshot from FR
24.com)

Flying over northwestern Libya (screenshot from FR
24.com)

Skirting Tripoli southeast bound (screenshot from FR 24.com)

RTB to Sigonella (screenshot from FR
24.com)

Eventually the UAS returned to Sigonella in the late evening landing after 22.30 UTC, some 21 hours after take off.

By the way, on the very same day there was another U.S. RQ-4 drone tracking again over Ukraine….

The reason why the strategic drone was visible on the Internet for everyone to see (including the bad guys) remains a mystery. Just another case of inaccurate use of ADS-B transponder?

We have documented OPSEC failures exposed by online flight tracking, reporting about special operations planes clearly tracking over or near “danger zones” for nearly a decade.

We have informed the U.S. Air Force and other air forces that their planes could be tracked online, live, several times, but our Tweets (and those of our Tweeps who retweeted us) or emails have not had any effect as little has changed even though this author has received several emails from USAF pilots and aircrew members who wanted to say thank you for raising the issue.

Sometimes the reason for making an aircraft visible on FR24 can be deterrence: they purposely broadcast their position to let “the others” know a spyplane hunting terrorists is there. Was this the case? Hard to say.

H/T to the always alert @CivMilAir for the heads-up!

 

Salva

Salva

Salva

Salva

Salva

Salva

You can track U.S. Navy private contractor dogfights online

Flightradar24 lets you track ATAC’s fleet of private contractor aggressors that fly out of NAS Point Mugu and NAS Fallon.

Whilst most of the interesting aircraft (namely fighters and attack planes as Special Ops platforms are still there) are hidden on Flightradar24.com, the popular online tracking system still provides the opportunity to follow ATAC (Airborne Tactical Advantage Company) aggressors flying tactical flight training missions for U.S. Navy, Air Force and Air National Guard assets.

Indeed, as pointed out by Bob Cheatham, one of our avid followers from California, most of ATAC’s jets can be tracked as they practice dogfights almost daily off San Diego, inside the Naval Air Warfare Center Weapons Division-managed Point Mugu Sea Range that features 36,000 square miles of controlled sea and airspace, and allows for testing in a real-world environment.

ATAC’s Hawker Hunter flying a mission off San Diego. (FR24 screenshot courtesy of Bob Cheatham)

“Growing up in the 70s & 80s, I was a huge fan of Pt. Mugu’s VX-4 Evaluators (F-4 & F-14s), so now I find it interesting to see most of these maneuvers passed on to a civilian contractor that actually shows up in the clear on ADS-B!” Cheatham explained in an email to The Aviationist.

N328AX is an ATAC’s Hawker Hunter F.58 formerly belonging to the Swiss Air Force (FR24 screenshot courtesy of Bob Cheatham).

“Using the N-registration alerts on FR24, I track practice dogfights almost daily off San Diego between ATAC‘s Hunters & Kfirs (and who knows who else that isn’t on ADS-B?!) Now that I’ve programmed alerts tracking most of their fleet, I’m also seeing missions in the Atlantic off South Carolina & Florida too.”

IAI Kfir mission (FR24 screenshot courtesy of Bob Cheatham)

ATAC, acquired in July 2016 by Textron Inc.’s new Textron Airborne Solutions company, has been performing air-to-ship, air-to-air and research & development missions in support of DoD for the last 20 years using a fleet of fast jets that includes 6x IAI Kfir C2, 2x L-39ZA Albatros and several Hawker Hunters.

The company provides advanced Adversary support at all levels of the US Navy’s air-to-air training programs, from Fleet Replacement Squadrons to the Navy’s graduate level “TOPGUN” program.

Indeed, the ATAC’s Kfir can be often spotted at NAS Fallon (where the top shot was taken by aviation photographer Kedar Karmarkar): if you look for one of the Israeli jet’s serial numbers (for instance, N402AX) in FR24’s database, you’ll find several flights of the supersonic fighter at the Naval Fighter Weapons School in Nevada.

A Kfir from NAS Fallon. Note that part of the track is outside of FR24 coverage.

But adversary training at Point Mugu and the Top Gun school at NAS Fallon are not the only activities ATAC jets carry out.

According to the company’s website “ATAC also trains the U.S. Air Force, specifically in the European theater supporting the United States Air Forces, Europe (USAFE) with JTAC Training, as well as CONUS F-15 Operational Readiness Evaluations, “Red Flag/Northern Edge” exercises, and has been entrusted to provide support for Air Force F-22 Raptor crews.”

ATAC is not the only company to provide live Red Air aggressor training services for the U.S Air Force and U.S. Navy: Draken International; and Discovery Air Defence Services, a subsidiary of Discovery Air, are also regularly awarded contracts to perform such services.

Top image credit: Kedar Karmarkar

 

Salva

Here’s where a U.S. spyplane sought terrorists behind Bardo museum attack in Tunisia

A civil registered U.S. King Air used to track high-value and time-sensitive targets, including people, has conducted some missions over western Tunisia.

From Mar. 21 to 26, a U.S. Beechcraft King Air 350ER has conducted reconnaissance missions over the western Tunisia regions where jidahist terrorists behind the Bardo Museum attack have been hiding.

The news, exposed by the Corriere della Sera newspaper, was unveiled by Tunisian bloggers who noticed the civil-registered plane on Flightradar24.com: in fact, although it was probably involved in an intelligence gathering mission, the King Air “N351DY” did not turn off its ADS-B transponder and could be clearly tracked on the popular website (as already happened to other U.S. spyplanes over Afghanistan…) as it circled over the Jebel Chambi mountain between 22,500 and 24,500 feet.

Noteworthy, the aircraft operated by Pantelleria airport, a little Italian island off Tunisia: most probably, deploying the plane to a Tunisian airport was not safe, Sigonella airbase, in Sicily, from where U.S. Global Hawk and Predator and Reaper drone operate, was too far and Pantelleria was chosen as the closest base for the clandestine task.

The N351DY is registered to Aircraft Logistics Group LLC, based at Oklahoma City, known to have cooperated with Pentagon in the past.

The plane is the civil version of the MC-12W, an ISR (Intelligence Surveillance Reconnaissance) platform operated by the U.S. Air Force and equipped with a full array of sensors, a ground exploitation cell, line-of-sight and satellite communications datalinks, a robust voice communications suite as well as an electro-optical infrared sensor with a laser illuminator and designator.

The Air Force MC-12W, Army King Airs as well as several civil-registered King Airs (which appear similar to general aviation aircraft during their covert missions), are actually spyplanes used for several Special Operations and particularly capable to “find, fix, and finish” bad guys.

Here below is the track the plane flew on Mar. 22. On top of the article you find the route of Mar. 26’s mission, the last that could be tracked on FR24.

N351DY Mar 22

Image credit: Flightradar24.com