Vulnerabilities Identified in TCAS II Collision Avoidance System
/ 1 min read
✈️🔍 Vulnerabilities in TCAS II highlight risks to midair collision avoidance systems. A recent report by Cyble identified two vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II, which could potentially be exploited from adjacent networks, although they are currently deemed low risk. The first vulnerability, CVE-2024-9310, involves untrusted inputs that could lead to false aircraft displays, while the second, CVE-2024-11166, allows attackers to disable critical safety features. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged these flaws, emphasizing the need for improved security measures in transportation systems. Cyble’s report also outlines recommendations for mitigating vulnerabilities in industrial control systems, including adopting a Zero-Trust Policy and conducting regular security assessments.
