• NC Software is having a Black Friday Sale Event thru December 4th on Logbook Pro, APDL - Airline Pilot Logbook, Cirrus Elite Binders, and more. Use coupon code BF2020 at checkout to redeem 15% off your purchase. Click here to shop now.
  • NC Software is proud to announce the release of APDL - Airline Pilot Logbook version 10.0. Click here to view APDL on the Apple App store and install now.

DEFCON hacker illustrates flight plan vulnerability

diggertwo

Well-known member
Joined
Nov 28, 2001
Posts
65
Total Time
3500+
http://www.pilotbug.com/?p=547

A pilot presenting during the DEFCON conference this month showed how to use fake identities to file flight plans. As Righter Kunkel explained during the annual convention for hackers it is easy to provide a AME with false information to obtain a student pilot medical certificate. Armed with the medical, a person can file false flight plans with ATC.

While this is illegal, it is not going to be a problem until many flight plans are submitted. If this is done, it can be a big problem in the form of what is called a denial of service attack. DoS attacks are used to overwhelm the computer servers that are used to process incoming information. In the case of the ATC’s systems, many of the computers are linked in such a way that if one goes down, it could take down the rest of them. Radar, communication, and transponder information could all be compromised.

Kunkel explains that he, as a pilot, is trying to get this information out there to highlight the vulnerabilities of the underfunded FAA and increase awareness.

Read full story
 

igneousy2

Well-known member
Joined
Apr 3, 2004
Posts
1,262
Total Time
100+
Great! As long as it happens after i've blocked out. CA CHING!!!$$$
 

DXR-Beavis

Ummmmmmm, uuhhhhhhhh
Joined
May 20, 2006
Posts
21
Total Time
~250
I think this guy is just trying to make a name for himself or maybe he is just ignorant. Many of the centers take their host computers down at night, and the work around used is invisible to controllers on the scopes/towers and pilots never no the difference. The network used for flight plan filing goes down sometimes too, and it never stops air traffic. The biggest effect is maybe PDC's stop working or flight plans aren't ready as early as normal.
Without getting into too much detail, if someone tried to use an internet service on FAA.gov or Duats, I would think they could cause a denial of service on those websites but no more.
 

satpak77

Marriott Platinum Member
Joined
Dec 2, 2003
Posts
3,015
Total Time
5000+
File this under "old news" column. You don't even need a real name to file a flight plan. I can call WX BRIEF and file under Dick Cranium and it will get filed.

As Righter Kunkel explained during the annual convention for hackers it is easy to provide a AME with false information to obtain a student pilot medical certificate. Armed with the medical, a person can file false flight plans with ATC.
There is absolutely no linkage between a medical certificate and the ability to file a flight plan. Heck, if you can FLY A PLANE with no medical (not legally but we are beyond that discussion), why does this clown think merely filing a flight plan is a big deal ?

He needs to go back to Hacking 101 and rehack his brain cells and try to raise his IQ past low 90's.
 
Last edited:
Top