Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Technology
  • Next-generation aircraft ID systems are vulnerable to hacking
  • Technology

Next-generation aircraft ID systems are vulnerable to hacking

Do Son January 24, 2018 3 minutes read
Add Daily CyberSecurity as a preferred source on Google

The U.S Government Accountability Office (GAO) submitted a report to the U.S Congress that pointed out that there are still unresolved cyber-security issues in the U.S. “broadcast automatic related surveillance” technology (ADS-B Out) the Hostile States and unauthorized individuals and organizations may use real-time data broadcast by military aircraft (in flight) to perform a variety of malicious activities.

GAO did not provide details. As part of the Federal Aviation Administration’s (FAA) Next-Generation Air Systems modernization program, the ADS-B Out system is designed to make it easier for third parties to access data to track and determine the condition of an aircraft without having to maintain a private database.

ADS-B Out: Automatic broadcast-related monitoring

Automatic acquisition of parameters from relevant airborne equipment without manual intervention or interrogation Placement of aircraft information such as position, altitude, speed, heading, identification number, etc., for the aircraft to monitor.

 

ADS-B system features

The FAA hopes to modernize ground-based radar systems using the Satellite-based system via ADS-B, enabling automatic reporting of aircraft positions, automatic navigation, and digital communications.

The ADS-B provides accurate position information for both high-altitude and airport-parked aircraft. It covers a wider area than traditional radars, helping to reduce the risk of collisions, providing pilots with real-time alerts and providing more accurate location information during inclement weather. The FAA requires that all aircraft in the U.S. airspace be equipped with ADS-B by January 2020 and that military aircraft be no exception. The DOD and other federal agencies have been very concerned about this technology for years.

GAO said that with the help of existing technology, the public can access the aircraft’s International Civil Aviation Organization (ICAO) addresses (including aircraft models, codes such as aircraft’s 24-digit electronic identification code), answering machines or “calling” codes and heights to track certain aircraft. ADS-B made these flight data available in a timely manner for military aircraft, but some of the data were confidential for some aircraft.

What security risks may be brought?

According to the report, foreign intelligence agencies, terrorists, and criminals may identify and track the aircraft through existing technologies. The FAA fears that switching to a radar system will cause problems when it switches to ADS-B. The U.S. military is concerned that the military aircraft’s broadcast information is vulnerable to cyber-attacks and that the operation of the military aircraft by the state, individuals, and organizations may occur.

Extensive assessments by the U.S. Department of Defense (DOD) and the Federal Aviation Administration confirmed that there is a security risk in ADS-B Out technology that could expose aircraft, tactical air traffic control systems, and FAA radars to countries, individuals or organizations Launched electronic warfare, cyber attacks and other types of interference activities.

So far, the FAA and the U.S. Department of Defense have been focusing on the installation of equipment and have not yet solved their security problems with military aircraft. The U.S. Defense Department advises shielding military identifiers, allowing military aircraft pilots to turn off ADS-B and other solutions. So far, the United States Department of Defense and the Federal Aviation Administration have not approved any mitigation.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • AWS Unleashes Enterprise AI: Bedrock AgentCore & $100M Boost for AI Agent Development
  • DOJ Wins Landmark Antitrust Case Against Google, Orders Sweeping Remedies to Restore Competition
  • The Cloud Runs Dry: ClawCloud Abruptly Terminates Container Services—Is Your Data Safe?
  • Beyond Plus: OpenAI Rolls Out “ChatGPT Go” with an Aggressive New Pricing Strategy for India
  • Nvidia’s “Overclocking” Rescue: The 595.76 Hotfix Arrives to Cure GPU Voltage and Cooling Woes
Track all actively exploited CVEs →

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: Next-generation aircraft ID

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-56271CVSS 9.8
    Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default...
  • CVE-2026-56260CVSS 9.1
    Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker...
  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.