LAUSR.org creates dashboard-style pages of related content for over 1.5 million academic articles. Sign Up to like articles & get recommendations!

GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices–A Cybersecurity Pentesting Perspective

Photo by leonelfdez from unsplash

As the core technology of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and rely… Click to show full abstract

As the core technology of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and rely on Garmin’s Datalink 90 (GDL-90) protocol for data exchange and encapsulation. This makes it essential to investigate the integrity of the GDL-90 protocol especially against attacks on the core subsystem availability, such as denial-of-service (DoS), which pose high risks to safety-critical and mission-critical systems such as in avionics and aerospace. In this paper, we consider GDL-90 protocol fuzzing options and demonstrate practical DoS attacks on popular electronic flight bag (EFB) software operating on mobile devices. Then we present our own specially configured avionics pentesting platform and the GDL-90 protocol. We captured legitimate traffic from ADS-B avionics devices. We ran our samples through the state-of-the-art fuzzing platform American Fuzzy Lop (AFL) and fed the AFL’s output to EFB apps and the GDL-90 decoding software via the network in the same manner as legitimate GDL-90 traffic would be sent from ADS-B and other avionics devices. The results showed worrying and critical lack of security in many EFB applications where the security is directly related to the aircraft’s safe navigation. Out of the 16 tested configurations, our avionics pentesting platform managed to crash or otherwise impact 9 (56%). The observed problems manifested as crashes, hangs, and abnormal behaviors of the EFB apps and GDL-90 decoders during the fuzzing test. Our developed and proposed systematic pentesting methodology for avionics devices, protocols, and software can be used to discover and report vulnerabilities as early as possible.

Keywords: avionics; gdl protocol; gdl; software; avionics devices

Journal Title: IEEE Access
Year Published: 2022

Link to full text (if available)


Share on Social Media:                               Sign Up to like & get
recommendations!

Related content

More Information              News              Social Media              Video              Recommended



                Click one of the above tabs to view related content.