ADS-B Security Vulnerabilities: Why Aviation Surveillance Remains Unencrypted

On any given day, tens of thousands of aircraft broadcast their precise position, altitude, velocity, and identity in plaintext over unencrypted radio frequencies. Anyone with a Software Defined Radio costing less than $30 can receive and decode these transmissions. This is not a flaw waiting to be discovered — it is a fundamental design characteristic of the Automatic Dependent Surveillance–Broadcast (ADS-B) system, the backbone of modern air traffic surveillance mandated across most of the world's airspace. FlySafe analysis shows that despite more than a decade of documented security concerns, ADS-B communications remain entirely unencrypted, creating a persistent challenge for aviation safety stakeholders.

This article examines the technical architecture behind ADS-B's lack of cryptographic protection, the specific vulnerabilities that result, and the practical reasons encryption has not been implemented — along with the mitigation strategies that regulators and industry have developed in its absence.

How ADS-B Works — And Why It Broadcasts in the Clear

ADS-B was designed as a cooperative surveillance technology to replace aging radar infrastructure. Aircraft equipped with ADS-B Out transponders derive their position from GPS and broadcast it, along with a unique 24-digit ICAO address, call sign, altitude, heading, and velocity, on the 1090 MHz frequency. These broadcasts occur approximately once per second and are received by ground stations, other aircraft (via ADS-B In), and — critically — anyone within radio range.

The system was conceived in the 1990s and standardized at a time when the aviation community prioritized interoperability, range, and cost-effectiveness over data confidentiality. The 1090 MHz Extended Squitter (1090ES) protocol, which carries ADS-B messages, was built on top of the existing Mode S transponder infrastructure. Mode S itself, along with its predecessors Mode A and Mode C, carries no cryptographic safeguards. Voice communication between air traffic control and pilots is similarly unencrypted. In other words, ADS-B inherited a surveillance ecosystem where openness was not a bug — it was the operating principle.

The FAA's NextGen program and EUROCONTROL's SESAR initiative both mandated ADS-B equipage precisely because of its broadcast nature: the more participants that can receive the data, the better the shared situational awareness. Adding encryption would fundamentally alter this cooperative model, requiring key management infrastructure across every aircraft, ground station, and receiving system worldwide.

The Vulnerability Landscape: What Unencrypted ADS-B Exposes

The security implications of broadcasting plaintext surveillance data have been extensively documented by researchers, government agencies, and international bodies. The vulnerabilities fall into several distinct categories.

Eavesdropping and Tracking

Because ADS-B message content is not encrypted, it may be read by anybody. Real-time aircraft position data, including altitude, origin, destination, call sign, and current heading, can be obtained from internet databases that aggregate ADS-B feeds. Networks such as the OpenSky Network operate as open-source air traffic services providing live data globally, collected from distributed ADS-B receivers. While this transparency benefits aviation enthusiasts and researchers, it also means that specific aircraft — including those operated by government agencies, private individuals, or sensitive flights — can be tracked in real time by any interested party.

Spoofing and Ghost Aircraft Injection

The most operationally significant vulnerability is the ability to generate and broadcast false ADS-B messages. As documented in research conducted for the FAA's NextGen program, a motivated individual could inject false targets into the system or prevent legitimate targets from being displayed. Because ADS-B includes no built-in methods for authenticating signal sources, the system has no native mechanism to distinguish a genuine aircraft transmission from a fabricated one.

A 2012 security demonstration publicly highlighted that ADS-B has no defense against interference via spoofed messages because transmissions are neither encrypted nor authenticated. The practical result: false aircraft — so-called ghost targets or phantom aircraft — can appear on air traffic controller displays, potentially triggering unnecessary separation maneuvers or creating confusion in high-density airspace.

The commercial availability of inexpensive Software Defined Radios has made the technical barrier to such activities remarkably low. According to academic research on ADS-B cybersecurity, these attacks are characterized as low-cost and low-effort, requiring only commercially available hardware and publicly documented protocols.

Message Modification and Deletion

Beyond injecting entirely new messages, attackers can modify legitimate transmissions. Research published through the DiVA academic portal documents that message modification attacks can be executed using a combination of message deletion followed by injection, through bit manipulation of the ADS-B message, or by overshadowing the actual message by transmitting a modified version at higher signal power. These techniques allow an adversary to alter the apparent position, altitude, or identity of a real aircraft rather than creating an entirely fictitious one — a potentially more dangerous scenario because the modified data corresponds to an actual flight.

Jamming and Signal Denial

The susceptibility of ADS-B to radio frequency jamming represents an availability threat distinct from data integrity attacks. As noted in a 2025 analysis of ADS-B security measures, jamming poses elevated risk in areas with significant RF interference or in regions where deliberate signal disruption may occur. For aircraft relying on ADS-B In for traffic awareness, loss of signal means loss of awareness of surrounding traffic — a particularly acute concern for unmanned aircraft systems (UAS) that depend on ADS-B In for automated collision avoidance.

UAS-Specific Risks

The FAA's ASSURE research program has documented risks specific to unmanned operations. A false ADS-B In signal could theoretically be used to direct an automated UAS to fly into infrastructure, terrain, or controlled airspace by manipulating the collision avoidance logic that relies on ADS-B traffic data. As UAS operations scale — particularly unmanned cargo transport and remotely piloted passenger transport — this vulnerability class grows in operational significance.

Why Encryption Has Not Been Implemented

Given that these vulnerabilities have been publicly discussed since at least 2006, the question of why ADS-B remains unencrypted deserves careful examination. The answer lies in a combination of technical constraints, economic realities, and systemic design trade-offs.

Backward Compatibility and Global Interoperability

ADS-B operates within a global ecosystem of legacy systems. Any cryptographic solution must remain compatible with Mode S transponders, existing ground infrastructure in over 190 ICAO member states, and aircraft avionics with certification lifespans measured in decades. Symmetric-key encryption using an algorithm like AES has been proposed in academic literature, which would provide confidentiality by making messages unintelligible to those without knowledge of the secret key. However, implementing such a scheme would require every ADS-B receiver — including ground stations, other aircraft, and surface vehicles — to possess and manage cryptographic keys.

Format-preserving encryption, which would encrypt ADS-B data while maintaining the same message structure and bit length, has been explored as a theoretical approach. In practice, it faces fundamental constraints: the 1090ES message format allows only 112 bits per transmission, leaving minimal room for authentication tags, key identifiers, or the overhead that any practical cryptographic scheme requires. The bandwidth constraint is not a software limitation that can be patched — it is a hardware-level radio protocol characteristic embedded in millions of installed transponders worldwide.

The Key Distribution Problem

Even if a suitable encryption algorithm could be adapted to ADS-B's bandwidth constraints, distributing and managing cryptographic keys across the global aviation fleet presents an unsolved logistical challenge. Aircraft cross international boundaries routinely. A flight from Singapore to London may pass through a dozen Flight Information Regions administered by different national authorities. Each ground station, each receiving aircraft, and each ATC facility along the route would need access to the decryption keys — in real time, with zero tolerance for failure. A key management failure would mean aircraft disappearing from surveillance displays, a safety outcome far worse than the vulnerabilities encryption aims to address.

The Selective Encryption Paradox

Proposals to encrypt only certain categories of aircraft — for example, private aviation or government flights — while leaving commercial and cargo aircraft unencrypted introduce their own complications. Selective encryption effectively creates a two-tier surveillance system and may paradoxically highlight the very aircraft the encryption is intended to protect. If only 5% of aircraft in a given airspace are transmitting encrypted ADS-B, those encrypted tracks become immediately conspicuous by their opacity. The security benefit of confidentiality is partially negated by the metadata leakage inherent in selective adoption.

Regulatory and Certification Inertia

Aviation certification processes are deliberately conservative. Any modification to ADS-B transponder hardware or software requires extensive testing, certification by national authorities (FAA, EASA, and equivalents), and coordinated implementation timelines. The MOPS (Minimum Operational Performance Standards) for the next generation of ADS-B — version 3 — was already finalized without incorporating GNSS RFI status information, with an ongoing investigation to add it retroactively. If a relatively straightforward data field addition faces this timeline, the prospect of retrofitting cryptographic protocols into the standard — and then into the global fleet — extends well beyond any near-term planning horizon.

Mitigation Strategies in Practice

The aviation industry has not ignored ADS-B's security limitations. Instead, it has pursued a layered defense strategy that acknowledges encryption is not forthcoming and focuses on detection, validation, and redundancy.

Multilateration and Radar Cross-Validation

The most established countermeasure is cross-referencing ADS-B data against independent surveillance sources. Primary radar — which detects aircraft through reflected radio energy and does not depend on any cooperative broadcast — provides a verification layer. Multilateration (MLAT) systems verify an aircraft's claimed position by comparing the timing of received messages across multiple ground stations to establish distances from each antenna to the aircraft. If an ADS-B position report does not correlate with the MLAT-derived position or primary radar return, the data can be flagged or rejected.

Airspace status: in regions where primary radar coverage remains available, the lack of ADS-B encryption is operationally mitigated by this redundancy. The concern is greatest in oceanic, polar, and remote continental airspace where radar coverage does not exist and ADS-B is the sole surveillance source.

Anti-Spoofing Algorithms and AI-Based Detection

ICAO has documented the development of anti-spoofing algorithms deployed at receiver and air traffic management system level. These algorithms analyze ADS-B message streams for anomalies: unexpected position jumps, physically impossible velocity changes, duplicate ICAO addresses, or tracks that deviate from filed flight plans. As described in an ICAO presentation on ADS-B spoofing, a key symptom of receiver spoofing is that additional or duplicate aircraft will appear on the controller's display — a pattern that automated systems can be trained to detect.

Machine learning ensemble models are increasingly applied to this problem. Analysis indicates that artificial intelligence can be employed to develop real-time detection tools based on patterns in received ADS-B messages, identifying anomalies that rule-based systems might miss. FlySafe analysis shows that these detection capabilities represent a significant area of ongoing development across the industry.

Alternative Navigation and Position Sources

The FAA's ASSURE program has evaluated multiple alternative position sources that can serve as cross-checks against potentially compromised GPS and ADS-B data. These include cellular signal navigation, optical flow, geomagnetic navigation, and the Eichelberger's Collective Detection method, which received high effectiveness ratings in testing. For UAS operations, the ability to override automated collision avoidance based on unvalidated ADS-B In tracks has been specifically recommended as a mitigation.

Affected routes: operations in airspace where GNSS interference has been documented — particularly portions of the Eastern Mediterranean, Middle East, and Baltic regions based on publicly available NOTAMs — face compounded risk when both GPS and ADS-B data may be unreliable simultaneously.

Infrastructure Hardening

For ground-based ADS-B infrastructure, physical and network security measures provide additional protection. Recommendations include using data transmission lines that are less prone to interception, such as fiber optics, and transmitting ADS-B data via redundant paths to prevent single points of failure.

Implications for Operators and Flight Planning

Recommendation: airlines and operators should treat ADS-B data as one input among several in their surveillance picture, not as a sole source of truth. Flight planning through airspace where GNSS interference has been reported via NOTAM should account for the possibility that ADS-B data may also be degraded or unreliable, given the system's dependence on GPS-derived position.

Airlines have rerouted operations in several regions where the integrity of satellite-based navigation and surveillance has been affected by operational factors. Based on publicly available NOTAMs, multiple FIRs have carried warnings related to GNSS interference that directly affect ADS-B reliability. Operators should monitor EASA Safety Information Bulletins and ICAO State Letters for current guidance on affected areas.

For private and business aviation operators, the transparency of ADS-B broadcasts means that flight activity is inherently public information. While regulatory blocking programs exist in some jurisdictions, the technical reality of unencrypted broadcast means that any receiver within range can capture the data independently of these programs.

Frequently Asked Questions

Why has ADS-B encryption not been implemented if the vulnerabilities have been known for years?

The barriers are primarily practical rather than theoretical. The 1090ES protocol allows only 112 bits per message, leaving insufficient room for cryptographic overhead. More critically, distributing and managing encryption keys across the entire global aviation fleet — spanning aircraft, ground stations, and ATC facilities across 190-plus nations — remains an unsolved logistical problem. The FAA has stated it is aware of the risks but has not disclosed specific mitigation details, noting that information is classified.

How can phantom aircraft appear on air traffic controller displays through spoofing?

An individual with an inexpensive Software Defined Radio and knowledge of the publicly documented ADS-B message format can generate and broadcast messages containing a fabricated ICAO address and position data. Because ADS-B includes no source authentication, receiving systems have no native mechanism to distinguish these fabricated transmissions from legitimate ones. The result is a target appearing on displays that corresponds to no physical aircraft. Countermeasures rely on cross-validation against radar, multilateration, and algorithmic anomaly detection.

What is the difference between ADS-B spoofing and message injection in terms of operational impact?

Spoofing typically refers to creating entirely fictitious aircraft tracks by broadcasting false messages with fabricated identifiers. Injection attacks focus on corrupting the data flow of existing legitimate targets — altering reported position, altitude, or velocity through techniques like overshadowing genuine transmissions with higher-power modified signals. Injection attacks are potentially more dangerous because they affect data associated with real aircraft, making them harder to detect and more likely to trigger inappropriate controller actions.

Can selectively encrypting only private aircraft create new vulnerabilities?

Selective encryption introduces a metadata leakage problem. If only a small percentage of aircraft transmit encrypted ADS-B, those opaque tracks become conspicuous against the majority of unencrypted traffic. This paradoxically identifies the aircraft category the encryption was intended to protect, potentially enabling the very tracking it aimed to prevent — while adding no security benefit to the unencrypted majority.

Key Takeaway

ADS-B's lack of encryption is not an oversight awaiting a simple technical fix. It is a systemic characteristic rooted in the protocol's design philosophy, bandwidth constraints, and the global scale of aviation surveillance infrastructure. The industry's response has been pragmatic: layered defenses combining radar cross-validation, multilateration, anomaly detection algorithms, and operational procedures that treat ADS-B as one component of a multi-source surveillance picture.

FlySafe continues to monitor developments in ADS-B security through analysis of publicly available NOTAMs, regulatory bulletins, and academic research. For current airspace risk assessments and route-specific guidance, FlySafe provides data-driven analysis to support informed operational decision-making.

Analysis based on publicly available data only.