GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices - A Cybersecurity Pentesting Perspective

Cited by: 5
Authors
Turtiainen, Hannu [1]
Costin, Andrei [1]
Khandker, Syed [1]
Hamalainen, Timo [1]
Affiliations
[1] Univ Jyvaskyla, Fac Informat Technol, FI-40014 Jyvaskyla, Finland
Funding
EU Horizon 2020;
Keywords
Fuzzing; Aerospace electronics; Protocols; Software; Heart beat; Aircraft; Standards; GDL-90; ADS-B; attacks; cybersecurity; pentesting; resiliency; DoS; aviation; avionics;
DOI
10.1109/ACCESS.2022.3150840
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
As the core technology of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and rely on Garmin's Datalink 90 (GDL-90) protocol for data exchange and encapsulation. This makes it essential to investigate the integrity of the GDL-90 protocol especially against attacks on the core subsystem availability, such as denial-of-service (DoS), which pose high risks to safety-critical and mission-critical systems such as in avionics and aerospace. In this paper, we consider GDL-90 protocol fuzzing options and demonstrate practical DoS attacks on popular electronic flight bag (EFB) software operating on mobile devices. Then we present our own specially configured avionics pentesting platform and the GDL-90 protocol. We captured legitimate traffic from ADS-B avionics devices. We ran our samples through the state-of-the-art fuzzing platform American Fuzzy Lop (AFL) and fed the AFL's output to EFB apps and the GDL-90 decoding software via the network in the same manner as legitimate GDL-90 traffic would be sent from ADS-B and other avionics devices. The results showed worrying and critical lack of security in many EFB applications where the security is directly related to the aircraft's safe navigation. Out of the 16 tested configurations, our avionics pentesting platform managed to crash or otherwise impact 9 (56%). The observed problems manifested as crashes, hangs, and abnormal behaviors of the EFB apps and GDL-90 decoders during the fuzzing test. Our developed and proposed systematic pentesting methodology for avionics devices, protocols, and software can be used to discover and report vulnerabilities as early as possible.
Pages: 21554-21562
Page count: 9