gManZboy writes "A key component of the FAA's emerging 'Next Gen' air traffic control system is fundamentally insecure and ripe for manipulation and attack, security researcher Andrei Costin said in a presentation Wednesday at Black Hat 2012. Costin outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports. Among the threats to ADS-B: The system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said. There's also no mechanism in ADS-B for encrypting messages. One example problem related to the lack of encryption: Costin showed a screen capture showing the location of Air Force One--or that someone had spoofed the system."
