Tag Archives: Mode S

Vulnerable To Cyber Attacks, ADS-B May Expose F-22s To Web Based Tracking GAO Warns

A new report highlights the risks of ADS-B transponders. But it focuses on technology rather than operation security.

We have been writing about this topic since 2011. As most of our readers already know by now, Flightradar24 and PlaneFinder are two famous Web-based services that let anyone who has an Internet access on their computer, laptop or smartphone, track flights in real-time.

Aviation enthusiasts and geeks, journalists but also curious people use these portals to get details about civil and military flights all around the world.

The ADS-B system uses a special transponder that autonomously broadcasts data from the aircraft’s on-board navigation systems about its GPS-calculated position, altitude and flight path. This information is transmitted on 1090 MHz frequency: ground stations, other nearby aircraft as well as commercial off-the-shelf receivers available on the market as well as home-built ones, tuned on the same frequency, can receive and process this data.

Flightradar24 and PlaneFinder rely on a network of several hundred (if not thousand) feeders who receive and share Automatic Dependent Surveillance-Broadcast (ADS-B) transponders data and contribute growing the network and cover most of the planet.

Obviously, only ADS-B equipped aircraft flying within the coverage area of the network are visible.

Actually, in those areas where coverage is provided by several different ground stations, the position can be calculated also for those planes that do not broadcast their ADS-B data by means of Multilateration (MLAT). MLAT uses Time Difference of Arrival (TDOA): by measuring the difference in time to receive the signal from four different receivers, the aircraft can be geolocated and tracked even if it does not transmit ADS-B data.

Although the majority of the aircraft you’ll be able to track using a browser (or smartphone’s app) using the above mentioned Web-based tracking services are civil airliners and business jets, military aircraft are also equipped with Mode-S ADS-B-capable transponders: a 2010 Federal Aviation Administration rule requires all military aircraft to be equipped with ADS-B transponders by Jan. 1, 2020, as part of its program to modernize the air transportation system.

RQ-4 Global Hawk tracked during its mission near Crimea and over Ukraine on Jul. 20, 2017. The U.S. Air Force Global Hawk UAS are among the assets that can be regularly tracked online. (Screenshot from Flightradar24.com)

But, these are *usually* turned off during real war ops. Usually, not always.

In fact, during opening stages of the Libya Air War in 2011 some of the combat aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net. And despite pilots all around the world know the above mentioned flight tracking websites very well, transponders remain turned on during real operations, making their aircraft clearly visible to anyone with a browser and an Internet connection. As a consequence, we have been highlighting the the risk of Internet-based flight tracking of aircraft flying war missions for years. In 2014 we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circled over the Ghazni Province. Back then we explained that the only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations. US Air Force C-32Bs (a military version of the Boeing 757 operated by the Department of Homeland Security and US Foreign Emergency Support Team to deploy US teams and special forces in response to terrorist attacks), American and Russian “doomsday planes”, tanker aircraft and even the Air Force One, along with several other combat planes can be tracked every now and then on both FR24.com and PF.net.

A U.S. Air Force F-22 Raptor departs after receiving fuel from a KC-135 Stratotanker, assigned to the 340th Expeditionary Air Refueling Squadron, during a mission in support of Operation Inherent Resolve Aug. 22, 2017. According to GAO, ADS-B poses a threat to the Raptor stealthiness as it may expose the aircraft presence. (U.S. Air Force photo by Staff Sgt. Michael Battles)

Today, military planes belonging to different air forces as well as contractor and special operations planes can be regularly tracked while flying over Iraq, Afghanistan, Tunia, Egypt and many other “hot spots”.

A Government Accountability Office report released last month highlighted the risks of ADS-B. According to the watchdog agency neither the Department of Defense nor the FAA have taken significant steps to mitigate security risks associated with openly transmitting flight data from military aircraft (highlight mine):

Information broadcasted from ADS-B transponders poses an operations security risk for military aircraft. For example, a 2015 assessment that RAND conducted on behalf of the U.S. Air Force stated that the broadcasting of detailed and unencrypted position data for fighter aircraft, in particular for a stealth aircraft such as the F-22, may present an operations security risk. The report noted that information about the F-22’s precise position is classified Secret, which means that unauthorized disclosure of this information could reasonably be expected to cause serious damage to the national security.

Such risks have been highlighted since 2008 according to GAO:

In DOD’s 2008 comments about FAA’s draft rule requiring ADS-B Out technology, the department informed FAA that DOD aircraft could be identified conducting special flights for sensitive missions in the United States and potentially compromised due to ADS-B technology. Such sensitive missions could
include low-observable surveillance, combat air patrol, counter-drug, counter-terrorism, and key personnel transport. While some military aircraft are currently equipped with Mode S transponders that provide individuals who have tracking technology the altitude of the aircraft, ADS-B poses an increased risk.

Moreover, there are concerns since the ADS-B technology is vulnerable to jamming and cyber attacks. GAO:

For example, a 2015 Institute of Electrical and Electronics Engineers article about ADS-B stated that ADS-B is vulnerable to an electronic-warfare attack — such as a jamming attack — whereby an adversary can effectively disable the sending and receiving of messages between an ADS-B transmitter and receiver by transmitting a higher power signal on the ADS-B frequencies. The article notes that while jamming is a problem common to all wireless communication, the effect is severe in aviation due to the system’s inherently wide-open spaces, which are impossible to control, as well as to the importance and criticality of the transmitted data. As a stand-alone method, jamming could create problems within the national airspace. Jamming can also be used to initiate a cyber-attack on aircraft or ADS-B systems. According to the article in the 2015 Institute of Electrical and Electronics Engineers publication, adversaries could use a cyber-attack to inject false ADS-B messages (that is, create “ghost” aircraft on the ground or air); delete ADS-B messages (that is,make an aircraft disappear from the air traffic controller screens); and modify messages (that is, change the reported path of the aircraft). The article states that jamming attacks against ADS-B systems would be simple, and that ADS-B data do not include verification measures to filter out false messages, such as those used in spoofing attacks.

Lack of solutions:

Although DOD, FAA, and other organizations have identified risks to military security and missions since 2008, DOD and FAA have not approved any solutions to address these risks. This is because DOD and FAA have focused on equipping military aircraft with ADS-B technology and have not focused on solving or mitigating security risks from ADS-B. The approach being taken by FAA and DOD will not address key security risks that have been identified, and delays in producing an interagency agreement have significantly reduced the time available to implement any agreed-upon solutions before January 1, 2020, when the full deployment of ADS-B Out is required.

So, GAO urges DoD and FAA to approve solutions that can address operations, physical, cyber-attack, and electronic warfare security risks; and risks associated with divesting secondary-surveillance radars (since the idea is to divest legacy radars and replace them with ADS-B only). However, based on our experience, proper procedures should be adopted (provided they are not there yet) in order to prevent big OPSEC failures. Indeed, whilst securing ADS-B is a must, it’s probably more important to turn off the Mode-S and ADS-B transponders when conducting missions that need to remain invisible (at least to public flight tracking websites and commercial off the shelf receivers). Unless the transponder is turned on for a specific purpose: to let the world know they are there. In fact, as reported several times here, it’s difficult to say whether some aircraft that can be tracked online broadcast their position for everyone to see by accident or on purpose: increasingly, RC-135s and other strategic ISR platforms, including the Global Hawks, operate over highly sensitive regions, such as Ukraine or the Korean Peninsula, with the ADS-B and Mode-S turned on, so that even commercial off the shelf receivers (or public tracking websites) can monitor them. Is it a way to show the flag? Maybe.

Summing up, FR24.com, PF.net, home-made kits etc. are extremely interesting and powerful tools to investigate and study civil and military aviation; until ADS-B is made more resilient and secure, air forces around the world have only to consider the risk of public flight tracking when executing combat missions in the same way other details, such as radio communications policies and EMCON (Emission Control) restrictions, are already taken into account.

Many thanks to @CivMilAir for helping preparing this article.

Here Is The Route A U.S. RQ-4 Global Hawk Drone Is Currently Flying During A Surveillance Mission Over The Black Sea And Ukraine

A gigantic U.S. Air Force RQ-4 is currently flying over Ukraine, broadcasting its position for everyone to see.

U.S. RQ-4 Global Hawk UASs (Unmanned Aerial Systems) belonging to the 9th Operations Group/Detachment 4th of the U.S. Air Force deployed to Sigonella from Beale Air Force Base, California, have been flying ISR (Intelligence Surveillance Reconnaissance) missions in support of EUCOM, AFRICOM and CENTCOM theater mission tasking since 2011.

Beginning in 2015, they have started flying over Ukraine as well and, as already reported, instead of keeping a low-profile, they can be regularly tracked not only by “standard” ground radars, but even by commercial ADS-B receivers like those feeding online flight tracking systems such as Flightradar24.com, PlaneFinder.net or Global ADS Exchange while its imagery intelligence (IMINT) sensors take a look at Russian bases in Crimea and gather information about the pro-Russia forces on the ground in the Dombass region of Ukraine.

As we write this story, 19:00 GMT on Jul. 20, a Global Hawk drone can be tracked as it performs an ISR mission over Ukraine at 53,000 feet.

The unmanned aircraft has been airborne for some 17 hours. It started tracking early in the morning after departing from Sigonella, then it has headed east, flown over Bulgaria to the Black Sea, “skirted” Crimea, performed some racetracks off Sochi and then headed back to make a tour of Ukraine.

Here are some screenshots taken by our friend and famous ADS-B / ModeS tracking enthusiast running the popular @CivMilAir @ADSBTweetBot Twitter feeds:

 

As reported several times here, it’s difficult to say whether the drone can be tracked online by accident or not. But considered that the risk of breaking OPSEC with an inaccurate use of ADS-B transponders is very well-known, it seems quite reasonable to believe that the unmanned aircraft purposely broadcasts its position for everyone to see, to let everyone know it is over there. Since “standard” air defense radars would be able to see them regardless to whether they have the transponder on or off, increasingly, RC-135s and other strategic ISR platforms, including the Global Hawks, operate over highly sensitive regions, such as Ukraine or the Korean Peninsula, with the ADS-B and Mode-S turned on, so that even commercial off the shelf receivers (or public tracking websites) can monitor them.

Russian spyplanes can be regularly tracked as well: the Tu-214R, Russia’s most advanced intelligence gathering aircraft deployed to Syria and flew along the border with Ukraine with its transponder turned on.

Top image: Flightradar24 screenshot via @CivMilAir who deserves the usual H/T.

 

Salva

Salva

Salva

Flightradar24 exposes the presence of U.S. and allied ISR planes operating over Daesh stronghold in Iraq

Several spyplanes and drones keep an eye on Mosul, ISIS headquarters in northern Iraq.

As our readers know, we’ve been reporting about U.S. and allied planes that can be tracked online during war missions since at least 2011 when, during the opening stages of the Libya Air War, some of the combat planes involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net.

Five years later, little has changed and transponders remain turned on during real operations making the aircraft clearly visible to anyone with a browser and an Internet connection, thus breaking OPSEC and exposing aerial refueling tracks or clandestine operations, like those being flown on a daily basis in North Africa, Afghanistan, or Iraq.

For instance, last night as many as three Beech 300 Super King Air aircraft could be tracked while they circled over Mosul while hunting for Isis leader Abu Bakr al-Baghdadi during ISR (Intelligence Surveillance Reconnaissance) missions.

N166BA

These days, along with the tankers, several quasi-civilian U.S. Army-operated aircraft, including the Pilatus PC-12/45 N56EZ, the Super King Air 300 N80BZ and N166BA and several MC-12W Liberty (the military variant of the B350 King Air).

Like the one, registered N6351V that crash landed near Erbil, Iraq on Mar. 5. In that case, the mishap exposed the fact that the Liberty (just like many other special mission aircraft operating in the same area) sported a non-standard white color scheme  to disguise itself as a light transport plane.

N6351V

But in spite of its general aviation appearance the aircraft was actually an MC-12W EMARSS (Enhanced Medium Altitude Reconnaissance and Surveillance System) variant used to perform ELINT (Electronic Intelligence), COMINT (Communication Intelligence), direction finding as well as Full Motion Video broadcasting to the tactical commanders on the ground, for day and night target detection, location, classification and tracking, as well as counter-IED operations.

All these modified aircraft are equipped with EO/IR (electro-optic/infra-red) sensors, aerial precision geolocation system, line-of-sight tactical and beyond line-of-sight communications suites, Distributed Common Ground System-Army (DCGS-A) workstations, and a self-protection suite: much more than a normal general aviation plane….

Beech 300 Super King Air

Another frequent visitors of the skies over Iraq is also a Bombardier Global 6000. According to some ADS-B experts it may be a RAF Sentinel R1, a quite advanced ISR platform that has been extensively used in Libya, Afghanistan and Iraq, or an E-11A, an advanced ultra long-range business jet that has been modified by the U.S. Air Force to accommodate Battlefield Airborne Communications Node (BACN) payload.

Whatever it is, needless to say, it can be tracked online on Flightradar24.com.

H/T to @CivilMilAir, Guglielmo Guglielmi, Guido Olimpio, Avi Scharf and Greg Anderson for contributing to this post. Top image credit: FR24.com via Greg Anderson. Image credit: Rudaw.

 

[Animation] The Queen's Diamond Jubilee flypast over London as seen from a radar-like computer display

Click on the image to start animation

The following animation showing the Queen’s Diamond Jubilee flypast over Buckingham palace was recorded on PlanePlotter by John Locker.

In this animation we can see the C-47 Dakota flight  [ZA947] and Lancaster flight [PA474] join up then fly down the Mall before breaking off to the north.

Other aircraft can be clearly seen in the animation: [CWL68] were the B200s with serial ZK453 and ZK454 (with SCE84 being probably a spare Beech); [P7350] was the Spitfire; [NOH23] was a chopper out of RAF Northolt, possibly on security duty.

Noteworthy, a Spitfire and a Hurricane pop up in the early frames but once joined up, only the lead aircraft in each section continued with Mode S.

Image courtesy John Locker

PlanePlotter (PP) is a software that receives and decodes live digital position reports from aircraft and plots them on a chart.

Using PlanePlotter, you can see a radar-like display of all those aircraft around you that are transmitting the appropriate digital messages including ACARS, ADS-B and HFDL. Needless to say, you need the appropriate hardware (receiver, antenna, etc.) to get the digital signals.

Unlike other very well known Internet services, as Flightradar24.com or Planefinder.net, PP has some more features, including

  • Multilateration to locate and track those aircraft which do not send  position reports
  • Beamfinder, Beamfinder Plus and Beamfinder Plus S: PlanePlotter can use the pings from known radar stations to calibrate the rotating beam and to use that information to locate aircraft not transmitting position

A330 MRTT (Multi-Role Tanker Transport) adds two new combat types: UAE Mirage 2000 and F-16 Block 60. And does it live on Flightradar24.com

Airbus Military has been very busy recently adding another two combat types able to be refueled from its A330 MRTT tanker aircraft, which has been ordered in three examples by the UAE Air Force.

The company, which is part of the EADS conglomerate, has performed several test flights out of Al Dhafra airbase near Abu Dhabi with the UAE AF F-16 Block 60 and the Mirage 2000 fighters. The tests, which included aerial refueling during climbs, descents, turns as well as straight and level flight were performed at a range of altitudes and speeds.

Even if the F-16 has already been qualified to be refueled from the A330 tanker this was the first time a Block 60 with the large conformal fuel tanks and a slightly different wake footprint than the older version of the F-16, has taken on fuel. Tests have involved aircraft in various loadouts.

The same tests were also performed on the Mirage 2000, including the two seat version with different loadouts as well as different fuel loads.

During the refueling tests of the Mirage the two underwing refuelling pods were used both to refuel a single jet and two jets at the same time. The F-16, that in the past were tested with a removable IFR (In-Flight Refueling) probe to take fuel from a hose-and-drogue tanker, used the Air Refuelling Boom System (ARBS).

For those interested in tracking some air-to-air refueling flights, please consider that they often appear on both Planefinder and Flightradar24 since the A330 MRTT broadcasts full ADS-B data from its Mode-S transponder.

For instance, using the radio callsign “CASA 013” the A330 EC-339 could tracked on Mar. 20, 2012 performing a refueling mission between FL240 and FL280. Click here to see the route followed by the MRTT during that sortie.

The track flown on Mar. 19, 21, 22 and 25 can be found as well using the playback feature of FR24.com.

Antonio Caramazana, Vice President Programme Director Airbus Military Derivatives, said: “It is very satisfying to qualify another two aircraft type as receivers for the A330 MRTT and we look forward to entry into service with the UAE Air Force later this year.”

The air crew training for the A330 with UAE pilots is currently taking place in Spain with the first two MRTT’s due to be delivered before the end of the year. The training of the aircrew takes place at Airbus’ training facility near Madrid and included not just the pilots but the refuelling operators too all using state of the art simulators.

Written with The Aviationist’s Editor David Cenciotti

Image by Richard Clements