Welcome to Flightinfo.com

  • Register now and join the discussion
  • Friendliest aviation Ccmmunity on the web
  • Modern site for PC's, Phones, Tablets - no 3rd party apps required
  • Ask questions, help others, promote aviation
  • Share the passion for aviation
  • Invite everyone to Flightinfo.com and let's have fun

DEFCON hacker illustrates flight plan vulnerability

Welcome to Flightinfo.com

  • Register now and join the discussion
  • Modern secure site, no 3rd party apps required
  • Invite your friends
  • Share the passion of aviation
  • Friendliest aviation community on the web

diggertwo

Well-known member
Joined
Nov 28, 2001
Posts
65
http://www.pilotbug.com/?p=547

A pilot presenting during the DEFCON conference this month showed how to use fake identities to file flight plans. As Righter Kunkel explained during the annual convention for hackers it is easy to provide a AME with false information to obtain a student pilot medical certificate. Armed with the medical, a person can file false flight plans with ATC.

While this is illegal, it is not going to be a problem until many flight plans are submitted. If this is done, it can be a big problem in the form of what is called a denial of service attack. DoS attacks are used to overwhelm the computer servers that are used to process incoming information. In the case of the ATC’s systems, many of the computers are linked in such a way that if one goes down, it could take down the rest of them. Radar, communication, and transponder information could all be compromised.

Kunkel explains that he, as a pilot, is trying to get this information out there to highlight the vulnerabilities of the underfunded FAA and increase awareness.

Read full story
 
Great! As long as it happens after i've blocked out. CA CHING!!!$$$
 
I think this guy is just trying to make a name for himself or maybe he is just ignorant. Many of the centers take their host computers down at night, and the work around used is invisible to controllers on the scopes/towers and pilots never no the difference. The network used for flight plan filing goes down sometimes too, and it never stops air traffic. The biggest effect is maybe PDC's stop working or flight plans aren't ready as early as normal.
Without getting into too much detail, if someone tried to use an internet service on FAA.gov or Duats, I would think they could cause a denial of service on those websites but no more.
 
File this under "old news" column. You don't even need a real name to file a flight plan. I can call WX BRIEF and file under Dick Cranium and it will get filed.

As Righter Kunkel explained during the annual convention for hackers it is easy to provide a AME with false information to obtain a student pilot medical certificate. Armed with the medical, a person can file false flight plans with ATC.
There is absolutely no linkage between a medical certificate and the ability to file a flight plan. Heck, if you can FLY A PLANE with no medical (not legally but we are beyond that discussion), why does this clown think merely filing a flight plan is a big deal ?

He needs to go back to Hacking 101 and rehack his brain cells and try to raise his IQ past low 90's.
 
Last edited:

Latest resources

Back
Top