Collision risk for passenger aircraft: DDPS discovers safety gaps
DDPS specialists have discovered two security vulnerabilities in the TCAS collision warning system. This means that false warning messages can be sent to aircraft cockpits. As a result, there is a potential risk of civilian passenger aircraft colliding.
A team of experts from the Federal Department of Defence, Civil Protection and Sport (DDPS) discovered two serious security vulnerabilities in the civil aviation system. Specifically: in its collision warning system. This reports ArmaSuisse. Using these loopholes, they were able to generate false warning messages in a pilot's Cockpit in a test run under laboratory conditions.
The experts immediately communicated their findings to the TCAS (Traffic Alert and Collision Avoidance System) manufacturer and the relevant aviation authorities in the USA (FAA) and Europe. US authorities subsequently followed up on this information and rated the two vulnerabilities as medium (CVE-2024-9310) and high severity (CVE-2024-11166). This assessment also affects areas outside the USA.
Attacks are complicated and unlikely
So far, however, the US security authority CISA has not documented any active attacks. Although the vulnerabilities in the so-called TCAS II standard can be exploited under laboratory conditions, they require very specific prerequisites and are therefore considered difficult to implement in practice.
Source: Shutterstock
The parties agreed that the CVE-2024-11166 vulnerability can be mitigated by upgrading to the more recent ACAS X system or updating the associated transponder. However, there are currently no effective countermeasures for the moderate vulnerability CVE-2024-9310. Armasuisse also emphasises that a successful attack on an operational TCAS system would involve considerable hurdles. Nevertheless, the risk should not be underestimated - ArmaSuisse recommends preventive measures.
The warning system in question must be installed on civilian commercial aircraft with at least 19 passengers and a weight of 5.7 tonnes or more. An early warning enables pilots to react and thus prevent collisions.
36 people like this article
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.