Unknown Target: Uncovering and Detecting Novel In-Flight Attacks to Collision Avoidance (TCAS)
Giacomo Longo
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Wireless Security
Giacomo Longo presents groundbreaking research analyzing what may be the **first real-world cyber attack against aircraft collision avoidance systems (TCAS)**. On March 1, 2025, at Washington National Airport (DCA), 10 aircraft experienced false Traffic Advisory (TA) and Resolution Advisory (RA) alerts over a three-hour period, with 3 planes forced to abort their landings -- all caused by a phantom aircraft that no pilot could see visually or detect via radio. Using open-source ADS-B data and a novel **Sequential Monte Carlo localization system**, the researchers determined with **94% probability** that the attack originated from a fixed position within area **P-56 Bravo** near the Potomac River in Washington, DC. The work also demonstrates three new Mode C injection techniques that could produce the observed effects, validated with an RF SOC FPGA implementation against a RAMP tester. This research carries significant implications: it may represent the first confirmed radio-based cyber attack against aircraft in history.
AI review
The first analysis of a probable real-world cyber attack against aircraft collision avoidance systems, combining novel Mode C injection techniques validated on aviation test equipment with a particle-filter localization system that placed the Washington DCA attacker within area P-56 Bravo with 94% probability. This is real-world exploitation of critical infrastructure RF protocols with active CISA/FAA investigation. Textbook example of security research that matters.