DDPS Cyber-Defence Campus identifies vulnerabilities in civil aviation collision warning system
The DDPS Cyber Defense Campus has found two vulnerabilities in the "Traffic Alert and Collision Avoidance System (TCAS) II" collision warning system for civil aviation. On January 21, 2025, the vulnerabilities detected and published were classified as moderate and severe respectively by the US Cyber Defense Agency CISA and the US Federal Aviation Authority (FAA).
In the fall of 2023, a team from the Cyber Defense (CYD) Campus succeeded in triggering false warnings on a pilot cockpit in their Cyber Avionics Lab on a certified TCAS processor with their own radio setup. The manufacturer and the aviation authorities in Europe and the USA were informed of the new findings.
On 21 January 2025, the US Cyber Defence Agency CISA of the United States Department of Homeland Security, together with the FAA, was the first organization to publish a security notice. They classified the two vulnerabilities found by the Cyber Defense Campus in the "Traffic Alert and Collision Avoidance System II" collision warning system as moderate or severe - a groundbreaking assessment for other regions, including Europe. The FAA's assessment shows that no technical countermeasures are currently available.
Safety for civil aviation
The findings of the Cyber-Defence Campus provide an important basis for international security assessments and future protective measures. The organizations concerned are therefore recommended to take compensatory measures for the early detection of such attacks in order to be able to react appropriately in an emergency.
In summer 2024, researchers from the Cyber Defense Campus demonstrated the findings at the "DEF CON Hacking Conference" in Las Vegas, Nevada and at "USENIX Security", a security conference in Philadelphia, Pennsylvania.
Research at the CYD Campus
Researchers at the CYD Campus have been working on this topic for over five years. The Cyber Avionics Lab set up for this purpose in Thun makes it possible to investigate cyberattacks on certified aviation systems. Researchers at the CYD Campus were already doing pioneering work in this field years ago. Various systems such as ADS-B, MLAT, CDPLC and GPS were scrutinized to show how these digital aviation systems would react to realistic cyber attacks.
Over the past two years, a team from the CYD Campus has been working intensively with Italian researchers on the investigation of TCAS II. This system is mandatory in civil aviation for aircraft weighing 5,700 kg or more or carrying more than 19 passengers and is used as a last resort for collision avoidance when all other procedures for maintaining the distance between flying objects have failed. Pilots are obliged to react immediately to TCAS collision warnings, for example by adjusting their altitude upwards or downwards.
The Cyber Defense Campus
The Cyber-Defence Campus forms the link between the DDPS, industry and science in the areas of research, innovation and training for cyber defense. Its tasks include the early identification of the latest trends in the cyber field, the development and testing of cyber technologies and the training of cyber specialists.
It was founded in 2019 as part of the DDPS Cyberdefence Action Plan at armasuisse Science and Technology and contributes to the DDPS Cyber Strategy and the National Cyber Strategy (NCS).
Source: www.ar.admin.ch
