DEFCON 20: RenderMan on ADS-B aero radio

Brad Haines (RenderMan) CISSP, is a Whitehat by trade, Blackhat by fashion, who presented this talk at DEFCON 20. For those of you unfamiliar with him, RenderMan has a history of hacking RF who’s rumored to be a member of the Church of WiFi. In this presentation he turns his attention to ADS-B (Automatic Dependent Surveillance-Broadcast), a common technology installed or being installed on a vast majority of commercial airliners that involves an unencrypted and unauthenticated radio broadcast. He explores the system’s features and weaknesses, noting what can happen when security is not built in from the beginning. He hopes that this serves tospur more research and investigation into this field.

This entry was posted in digital radio data, RF, Videos and tagged , .


  1. Drone says:

    ADS-B is a disaster when it comes to system design and security. The Government made a real mess of this (so what else is new?) If your Government can’t even get something like ADS-B right – do you really want them running your health care system too? I don’t think so…

    Everyone should watch this video and pass the link on to your representatives in Congress (or equivalent if your country has such a thing).

    • the machinegeek says:

      Here in the US our Congress would “solve” the problem by criminalizing research such as RenderMan’s, with pretrial incarceration without bail, mandatory minimum sentences, etc., as well as outlawing the dissemination of this information.

      • Drone says:

        @the machinegeek, you make good points. Insidious Govt. gone wild…

        Back on topic,.. Check out the TCAS vulnerabilities at the end of the DEFCON 20 video link in the OP. One thing the presenter didn’t touch on is ACARS – which IMO suffers from similar vulnerabilities.

        I’m really surprised there hasn’t been more feedback on this DP post. This air traffic control protocol issue (issues) are very serious. Again, in my opinion…

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.