This was not spoofed at the ADS-B layer. It was just spoofed to adsb exchange. (While typically a feeder contributes to multiple sites, this one didn't.) eg:
Yea, this is more like vandalizing Wikipedia than spoofing or interfering with safety-critical systems. It's juvenile, but probably not crashing any planes. It'll get reverted, and then presumably the adsb exchange website will tighten up their security.
There is no security within ADS-B. All you need is directional antenna pointing at receiver (if you just want to fuck with website, not cause mass panic in the nearest airport tower), there is no encryption or other form of authentication in the messages.
The security in question is the ADS-B exchange's web site's security, not the security of the ADS-B system. It's unlikely this vandal even has an antenna.
Juvenile times call for juvenile measures. In case you haven’t noticed, the US is being run by a bunch of arrested development high school bullies. Juvenile is one of the only languages they understand.
And is Vance or Trump watching Flightradar24 in their free time? And if they did, would they even get mad at this and not find it funny? And if they did get mad at it, would they do anything at all? If they did something, would it be anything desirable or just trying to retaliate at whoever drew this?
I had also posted this story earlier, then deleted it once I learned that. However, I did find this interesting doc about real ADS-B spoofing, which does not appear to be very easy:
Man, I wrote that comment at the end of a 14hr work day. The crazy thing is that I had seen that SDR slide when I first looked at this. Hours later, when I posted the comment, I reviewed it again and completely hallucinated the SDR slide away.
I need to check all the work I did towards the end of yesterday. Valuable lesson. Thanks.
As other commenters noted, this is almost certainly not RF spoofing, just sending bad data to an aggregator (ADS-B Exchange) over the internet.
This instance of spoofing is notable for being the first that I know of that wasn't primitive vector art or text, but a raster image!
In that area of Florida multiple receivers would have picked up actual ADS-B broadcasts. ADS-B aggregators do have various anti-spoofing measures, but they're not impossible to circumvent.
The only case of actual RF spoofing of aircraft transponder signals that I know of was actually done by the U.S. Secret Service, which interfered with passenger jet collision alert systems (TCAS) by apparently broadcasting bogus signals near Ronald Reagan National Airport (KDCA): https://nymag.com/intelligencer/article/aviation-flights-whi...
Just because I don't often get a chance to talk about this, I'll mention that there was a malfunction/accident/bug that caused what you might call spoofed signals to go out around Long Island and New York. Really interesting case where it seems that an FAA system wasn't handling magnetic declination correctly, which led to it generating false TIS-B targets that were rotated 13 degrees from real aircraft positions, from the radar antenna point of view: https://x.com/lemonodor/status/1508505542423064578
(TIS-B is a system that broadcasts ADS-B-like signals for aircraft that are being tracked by radar but either don't have ADS-B Out or otherwise might not be picked up by other aircraft with ADS-B In, e.g. maybe they're at a low altitude.)
There have been a couple other incidents with the TIS-B system. E.g. this apparent test near Dallas in 2022 that generated dozens of false targets in an interesting pattern: https://x.com/lemonodor/status/1481712428932997122 There was a similar incident around LAX several months later.
whoa, i saw your initial tweet about this, but never saw your follow up that confirmed the magnetic declination association. the convergence back to the ground radar is brilliant. nice find.
(Of course if you were spoofing ADS-B RF signals you wouldn't necessarily need to be anywhere near the spoofed locations. Just like with GPS spoofing.)
Surely the receiver would run plausibility checks on the received messages and reject spoofed locations that are physically impossible to receive by said receiver?
But even if that was the case, is there any value for a receiver to be receiving those? Surely those messages would be picked up by a receiver closer to the transmitter anyway. I think the value in spoofing rejection is greater than the probability of a transmission reflecting from beyond the horizon and not being already being picked up by a local receiver.
> But even if that was the case, is there any value for a receiver to be receiving those?
Yes, radio propagation is an entire academic field to be studied :)
In addition, if you have enough receivers you can use that to run something called MLAT [1] to also pick up GA aircraft that just have a transponder but no GPS. The more the merrier.
I agree with this. Hopefully they're able to track down who did this. To upload to ADS-B Exchange you need an account. But it's not that difficult to get one. I'm not sure what kind of information they may be able to get on it. As you say the person who uploaded this may not be anywhere near there. The aggregators probably should have heuristics like if only one feeder in an area with a decent density of feeder coverage uploads an anomalous track, it should get flagged.
> Hopefully they're able to track down who did this.
Why? Was anybody harmed?
Hopefully they don't find out who did this. There was never any danger, and without this kind of joke, the world would be less fun.
(Obviously it should be harder to fool critical systems, so this served also as a warning, but if you want to attack such a system, a real bad guy would do this in more subtle ways.)
The FCC and the FAA are two federal agencies that really don't want to mess with, so I hope for their sake they didn't actually spoof it. (.... I wish there were an FBB as well)
Seems like it wasn't actually spoofed radio signals, but spoofed data collection uploaded to adsbexchange. Still seems unlikely to make the FAA happy, but not as bad. I assume air traffic controllers aren't relying on adsbexchange?
There are non-radar towers that don't have scopes. They may have a traffic display, or maybe not. They might choose to use a public ADS-B aggregator site because it gives them situational awareness, but they don't use it to provide radar services to aircraft. That's my understanding from listening to a lot podcast episodes with air traffic controllers, anyway. I think it's an unofficial, non-FAA approved kind of thing that can make their jobs easier.
> They might choose to use a public ADS-B aggregator site because it gives them situational awareness
I do not understand what the upside is, aside from saving a tiny amount of effort and cost -- they could get the same data with more reliability by just running their own ADS-B receiver, without having a dependency on a third-party.
I always thought that coverage of those receivers was so dense by now that you'd have multiple reports of each aircraft but apparently that's not the case.
If you get the DF17 frames and extract the airborne position messages Type Codes 9–18.
Then CPR decode them into latitude/longitude....plus plot enough spoofed positions so the point cloud forms a QR code like raster on the map, then scan the rendered pattern...you get a URL to the unredacted Epstein files.
Actually spoofing ADSB radio signals could very well land you in prison with a $100,000 fine. The FCC is very eager to find and fine you for these kinds of stunts.
Spamming flightaware is much less severe, but still... it's not cute to mess with life-safety critical infrastructure.
I'm still chewing on the idea of how many supporters are bots or at least bot-adjacent (ie manufactured social proof), and what can even be done about that. When I go to my local [small, suburban] protest in a balanced red-blue area, lately it's been many honks and agreements, and only a handful of angry grimaces.
So I think the tide has long ago shifted, which makes sense what with the terror gangs executing Americans and all. The question is how we can organize into meaningful opposition when most activity happens online these days, and every non-echo-chamber forum still has extremist nutjobs who derail productive conversation.
I'd think that Congressional offices are seeing a similar dynamic too, inundated with robocalls from "constituents", the occasional untraceable threat of violence to their families if they step out of line, etc.
It's happening again. Spoofing is in progress, rendering another image. ADS-B Exchange has blocked access to the ICAOs/hexes in question--if you try to look at their history you get redirected to the base map.
Most planes broadcast their position using ADS-B, and some websites collect these signals and visualize them so you can track flight paths. Somebody broadcast a fake flight path that draws a picture of JD Vance on these sites: https://globe.adsbexchange.com/?icao=adfdf9&lat=26.678&lon=-...
To expand on that, those websites mostly operate on random volunteers self hosting a (starting price) fairly cheap receiver and antenna with an open source stack that feeds the ADS-B data to the website operator in exchange for nothing or free "premium" benefits.
The spoofer could have just sent them fake location information drawing an image using latitude, longitude and altitude for color (in the default view flight paths have different colors based on the altitude of the plane at that point in time).
They could have built an antenna and actually broadcast this data, but that would be a lot more effort and most likely some form of crime.
ADS-B (Automatic Dependent Surveillance-Broadcast) is a protocol for planes to publish their positions, so help with the whole "not crashing into each other" thing. The data is mostly for pilots and air traffic control, but it is publicly available, and there's a number of sites that track the data so that you can see what planes are overhead or whatever.
Someone spoofed Airforce One's transponder, had it declare itself as "VANCE 1", and then fly a pattern to display the meme. Or lied to one or more of the major sites, pretending to be listening in on the ADS-B signals. It's unclear. Regardless, it's a very funny hack.
It’s basically the modern radar system as in it supplies the data air traffic controllers see on their screens. Civilian ATC doesn’t really use actual radars any more.
That said, TCAS (Traffic Collision Avoidance System) does not operate on flight data reported by ADS-B.
Since most of these ADS-B collection sites are patchworks of unofficial/best effort, that seems like a great attack vector for nation state-level spoofing to interrupt flight planning, capacity planning, other tertiary air transport operations, and make civilians nervous. It's analogous to "hobby" code running key infrastructure of the internet without serious processes and auditing, testing, and verification.
It would be far better and more reliable to have the FAA do it by providing authoritative single source of truth as (selectively) open data rather than depend upon the whims / greed / sloppiness of an over-privatized utility. ATCs need and/or have this data anyhow, so in the future, it should be provided.
It's literally "computer fraud and abuse" in every sense of the word, so one assumes that an avenue of potential prosecution and possible conviction would be under the CFAA act. This does not, of course, guarantee that a conviction would be made and upheld at appeal, but this community is quite familiar with the dire harm that federal prosecution for misuse of computer services can impose on individuals, no matter how misguided that prosecution may be. Prosecution can be wielded as a form of persecution that does not require a conviction as outcome to be successful, and that is the a pressing risk now faced by whoever did this.
ADS-B is packet data telemetry broadcast unencrypted and unauthenticated by aircraft on 1090MHz.
Anyone can receive it, and many do. FlightRadar and others have networks of people with receivers that forward all received packets to central servers.
The aircraft self-report location, heading, altitude, etc, so anyone can transmit packets making ghost planes.
I am somewhat surprised nobody has stashed an ADS-B spoofer near ATL or AMS that just broadcasts tracks of A380 tail numbers crossing the runways perpendicular at 500 ft AGL or something. They have primary radar, sure, but I imagine there would still be a temporary disruption until people figured out what was going on.
I think this is the first case I’ve seen of ADS-B spoofing in the wild.
EDIT: this was spoofed reports to the data aggregators via the internet, not broadcast on radio waves. I’ve still never seen or heard tell of RF ADS-B spoofing.
> I’ve still never seen or heard tell of RF ADS-B spoofing.
Probably because the required expertise, effort, risk, and reward ratios don't work out. You can cause a minor disturbance that isn't particularly visible and in exchange get investigated by the FBI. Seems about as wise as attempting to graffiti the front gate of a military base.
Probably is not causing traffic issues. With that said I'm sure a number of TLA's are looking into it already, so whoever did it has hopefully took a number of infosec steps not to get caught and questioned.
No real 747 flew this. It was a prank using impossible flight data via ADS-B spoofing. Ground-based “software-defined radios” (SDRs) broadcast fake transponder signals to trick ADS-B Exchange. This works because both the ADS-B & AIS systems use unencrypted, unauthenticated data.
It’s only “other” at the very last point. Go earlier in the track and it shows as “ADS-B”, but every historical real flight in this plane is MLAT (it doesn’t broadcast its precise position but it can be inferred from receivers)
I believe this was "spoofed" only in the sense that a particular provider/online platform accepted data via an API that was abused to draw this on that platform only. Searching around it seems it was not found if you looked on other platforms, so it might not even have been a crime. I believe they didn't emit any real "signals" just took advantage of an API that should probably be better secured.
At worst it'd be a violation of the site ToS - it's a crowdsourced community data based system, and not any sort of an official, important system. The account doesn't seem to have been banned, so maybe the admins are just rolling with the joke.
I think the API is secured? The entire premise is that a volunteer creates an account and uploads ADS-B telemetry. Detecting falsified data is a separate matter.
ADSB sites aren't any sort of official thing. You can send whatever data you want to them. Just because it's there doesn't mean it ever went over the air as an ADSB broadcast.
Agreed with other commenters that nothing was likely actually broadcast, but if it was it would definitely be highly illegal and you’d have feds knocking down your door pretty quickly. They don’t joke around with illegal transmissions like that.
"The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote. “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals."
adsbexchange is a user-generated content platform where you can submit decoded radio signals to a common database. Sending fake data to adsbexchange is as much a CFAA violation as posting hoaxes to Wikipedia or a social media platform.
Assuming the FAA has the authority to enforce ADSB requirements (an open question post-Chevron), I can’t find any regulation saying non-aircrafts cannot transmit ADSB. Only ones saying aircrafts in certain categories must.
There’s probably some non-interference requirement somewhere (FCC spectrum licensing perhaps), but I’m not seeing it immediately.
All this is in the hypothetical that RF was transmitted, which as others point out it probably wasn’t.
A transponder in a car is not an "aircraft station" (§ 87.5), therefore it is not covered by aircraft "license-by-rule" (§ 87.18(b)), so transmitting would be operating without a valid authorization (§ 1.903(a)). https://www.ecfr.gov/current/title-47/chapter-I/subchapter-D...
This is easily-prosecutable willful interference or possibly aircraft sabotage: ADS-B operates in licensed bands and uses an already highly-contended modulation scheme and transmission protocol.
- https://globe.adsb.fi/?icao=adfdf9&lat=26.678&lon=-80.030&zo...
- https://adsb.lol/?icao=adfdf9&lat=26.678&lon=-80.030&zoom=14...
Relevant discussion on r/adsb: https://www.reddit.com/r/ADSB/comments/1qp3q9n/interesting/ where they note it's also absent on FR24, airplanes.live, and theairtraffic.com.
The adsb-x feeder map: https://map.adsbexchange.com/mlat-map/ They probably won't have a hard time identifying who contributed that data.