CVE-2024-9310: Aircraft RF Signal Spoofing Vulnerability

CVE-2024-9310 Overview

CVE-2024-9310 is a vulnerability affecting aircraft communication systems that allows attackers to transmit RF signals with spoofed location data using software-defined radios and a custom low-latency processing pipeline. This attack can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs), which could impact aviation safety and flight operations.

Critical Impact

Attackers with adjacent network access can inject spoofed RF signals that create phantom aircraft on radar displays and may trigger automated collision avoidance maneuvers, potentially endangering flight safety.

Affected Products

• Aircraft systems utilizing ADS-B (Automatic Dependent Surveillance-Broadcast)
• Traffic Collision Avoidance Systems (TCAS) that rely on RF-based aircraft positioning
• Air traffic control display systems processing ADS-B data

Discovery Timeline

• 2025-01-22 - CVE CVE-2024-9310 published to NVD
• 2025-01-22 - Last updated in NVD database

Technical Details for CVE-2024-9310

Vulnerability Analysis

This vulnerability exploits a fundamental weakness in how aircraft systems trust received RF signals for position data. The attack leverages the lack of authentication in ADS-B transmissions, which are designed to broadcast aircraft position, altitude, and identification information in the clear without cryptographic verification.

The vulnerability is classified under CWE-807 (Reliance on Untrusted Inputs in a Security Decision), as aircraft systems make critical safety decisions based on RF signals that can be forged by adversaries. The attack requires adjacent network proximity and involves high attack complexity with specific prerequisites, but requires no user interaction or privileges to execute.

Root Cause

The root cause of this vulnerability lies in the design of ADS-B and related aviation RF protocols, which transmit position and identification data without authentication or integrity protection. These protocols were designed decades ago when the threat of spoofing was not considered practical. Modern software-defined radio (SDR) technology has made it feasible for adversaries to generate and transmit convincing spoofed signals at relatively low cost.

Attack Vector

The attack requires physical proximity to the target aircraft (adjacent network attack vector) and utilizes software-defined radios to generate RF signals that mimic legitimate ADS-B broadcasts. A custom low-latency processing pipeline is employed to ensure the spoofed signals arrive with appropriate timing to be accepted by target systems. The attacker transmits fake position data that appears as legitimate aircraft to collision avoidance systems and air traffic displays.

The attack exploits the implicit trust that aircraft avionics and ground systems place in received RF signals. When successful, false aircraft appear on cockpit displays and ground radar systems. More critically, these phantom aircraft can trigger Resolution Advisories in TCAS systems, causing pilots to execute unnecessary evasive maneuvers.

Detection Methods for CVE-2024-9310

Indicators of Compromise

• Sudden appearance of aircraft targets with impossible flight characteristics (excessive speed, altitude changes, or trajectory discontinuities)
• Multiple aircraft appearing with identical or sequential transponder codes in close proximity
• ADS-B signals with anomalous signal strength patterns inconsistent with distance calculations
• Aircraft tracks that appear and disappear without following realistic flight patterns

Detection Strategies

• Implement multi-sensor correlation to verify ADS-B data against primary radar returns, MLAT (Multilateration), and other surveillance sources
• Deploy signal fingerprinting systems that can identify characteristics of legitimate versus spoofed transmissions
• Monitor for statistical anomalies in received ADS-B message timing and signal characteristics
• Establish geofencing alerts for unexpected aircraft appearances in restricted or controlled airspace

Monitoring Recommendations

• Enable detailed logging of all ADS-B message sources and signal characteristics for forensic analysis
• Implement real-time correlation between ADS-B tracks and flight plan databases to flag unexpected aircraft
• Monitor RF spectrum activity around ADS-B frequencies (1090 MHz) for anomalous transmission patterns
• Coordinate with air traffic control facilities to report and investigate suspicious track behavior

How to Mitigate CVE-2024-9310

Immediate Actions Required

• Review CISA ICS Advisory ICSA-25-021-01 for vendor-specific guidance and recommendations
• Implement enhanced verification procedures for ADS-B data before acting on Resolution Advisories when possible
• Coordinate with aviation regulatory authorities for approved mitigation measures
• Ensure flight crews are trained to recognize and respond appropriately to potential spoofing scenarios

Patch Information

This vulnerability stems from fundamental protocol design limitations in ADS-B rather than a software defect that can be patched conventionally. Long-term mitigations require industry-wide adoption of authenticated ADS-B protocols and enhanced signal verification technologies. Organizations should consult the CISA ICS Advisory ICSA-25-021-01 for the latest guidance on available mitigations and vendor recommendations.

Workarounds

• Deploy secondary surveillance systems (primary radar, MLAT) to cross-validate ADS-B data before making safety-critical decisions
• Implement signal strength monitoring and anomaly detection to identify potentially spoofed transmissions
• Establish operational procedures for flight crews to verify collision avoidance advisories through visual confirmation and ATC communication when safe to do so
• Consider RF direction-finding capabilities to validate that received signals originate from expected locations