Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

Not only can malicious people make airliners climb and dive without pilot input – they can also control where and when they do so, research from Pen Test Partners (PTP) has found.

TCAS spoofing, the practice of fooling collision detection systems aboard airliners, can be controlled to precisely determine whether an airliner fitted with TCAS climbs or descends – and even to produce climb rates of up to 3,000ft/min.

Building on earlier research into the bare-bones concept [PDF], PTP said it had figured out how to shape and control airliners’ automatic TCAS responses so they moved up or down at precisely known points.

In a blog post the firm said: “We rationalised this to the point where we only needed three fake aircraft to provide [a Resolution Advisory] that caused a climb of over 3,000 ft/min.”

[…]

The prospect of a rollercoaster ride is less scary (or realistic) than it might seem; a recent Oxford University study showed that when airliner pilots are presented with too many spoof warnings, they simply disable the system responsible – and look out of the window so they keep flying safely.

Source: Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers • The Register