
LAS VEGAS — Air traffic control software used around the world could be exploited by hackers to unleash squadrons of ghost planes to befuddle those entrusted to keep the skies safe, a security researcher said Friday. Cyprus-based Andrei Costin demonstrated his findings at a Black Hat gathering of cyber defenders in Las Vegas. “This is for information only,” Costin said as he outlined how someone with modest tech skills and about $2,000 worth of electronics could vex air traffic controllers or even stalk celebrities traveling in private jets. “Everything you do is at your own risk.” Costin’s target was an ADS-B system in place for aircraft to communicate with one another and with air traffic control systems at airports.The system, which has been rolled out internationally in recent years in a multi-billion dollar upgrade, was designed to better track aircraft so airport traffic can flow more efficiently. A perilous flaw is that the system is not designed to verify who is actually sending a message, meaning that those with malicious intent can impersonate aircraft either as pranks or to cause mayhem, according to Costin. “There is no provision to make sure a message is genuine,” he said.“It is basically an inviting opportunity for any attacker with medium technical knowledge.” Air traffic controllers...