The Associated Press reports that a 32-year-old Berlin resident was recently arrested for making radio contact with air traffic and pretending to be an air traffic controller.
During a search of his home, police found two radios that transmitted on the frequencies needed to make contact with aircraft.
The man is alleged to have made contact with pilots of passenger and transport aircraft, as well as state and federal police helicopters, over the past six months, giving “potentially dangerous” instructions and becoming increasingly professional with his communications.
No accidents or other incidents are known to have been caused by his actions, police said.
Most, if not all, civilian air transmissions–both voice and data–are transmitted in the clear with no encryption. This includes the Automatic Dependent Surveillance-Broadcast (ADS-B), which is used to transmit the location and speed of an aircraft to air traffic controllers.
The Federal Aviation Administration maintains that newer systems that do not include encryption are no less secure than previous generations of such systems that did not include encryption.
There is an interesting 2016 paper, On Perception and Reality in Wireless Air Traffic Communications Security, which suggests that aviation and cybersecurity experts end up talking past each other.
These instances show that, unfortunately, many who understand wireless security, do not have appropriate aviation expertise. Likewise, many stakeholders in aviation know the processes and procedures but do not realize the severity of modern cybersecurity issues. Our work aims to integrate these colliding perspectives in a realistic model and inform future discussion about wireless security in aviation.