This was not spoofed at the ADS-B layer. It was just spoofed to adsb exchange. (While typically a feeder contributes to multiple sites, this one didn't.) eg:
As other commenters noted, this is almost certainly not RF spoofing, just sending bad data to an aggregator (ADS-B Exchange) over the internet.
This instance of spoofing is notable for being the first that I know of that wasn't primitive vector art or text, but a raster image!
In that area of Florida multiple receivers would have picked up actual ADS-B broadcasts. ADS-B aggregators do have various anti-spoofing measures, but they're not impossible to circumvent.
The only case of actual RF spoofing of aircraft transponder signals that I know of was actually done by the U.S. Secret Service, which interfered with passenger jet collision alert systems (TCAS) by apparently broadcasting bogus signals near Ronald Reagan National Airport (KDCA): https://nymag.com/intelligencer/article/aviation-flights-whi...
(Of course if you were spoofing ADS-B RF signals you wouldn't necessarily need to be anywhere near the spoofed locations. Just like with GPS spoofing.)
The FCC and the FAA are two federal agencies that really don't want to mess with, so I hope for their sake they didn't actually spoof it. (.... I wish there were an FBB as well)
Seems like it wasn't actually spoofed radio signals, but spoofed data collection uploaded to adsbexchange. Still seems unlikely to make the FAA happy, but not as bad. I assume air traffic controllers aren't relying on adsbexchange?
I always thought that coverage of those receivers was so dense by now that you'd have multiple reports of each aircraft but apparently that's not the case.
Actually spoofing ADSB radio signals could very well land you in prison with a $100,000 fine. The FCC is very eager to find and fine you for these kinds of stunts.
Spamming flightaware is much less severe, but still... it's not cute to mess with life-safety critical infrastructure.
No real 747 flew this. It was a prank using impossible flight data via ADS-B spoofing. Ground-based “software-defined radios” (SDRs) broadcast fake transponder signals to trick ADS-B Exchange. This works because both the ADS-B & AIS systems use unencrypted, unauthenticated data.
It’s only “other” at the very last point. Go earlier in the track and it shows as “ADS-B”, but every historical real flight in this plane is MLAT (it doesn’t broadcast its precise position but it can be inferred from receivers)
ADS-B is packet data telemetry broadcast unencrypted and unauthenticated by aircraft on 1090MHz.
Anyone can receive it, and many do. FlightRadar and others have networks of people with receivers that forward all received packets to central servers.
The aircraft self-report location, heading, altitude, etc, so anyone can transmit packets making ghost planes.
I am somewhat surprised nobody has stashed an ADS-B spoofer near ATL or AMS that just broadcasts tracks of A380 tail numbers crossing the runways perpendicular at 500 ft AGL or something. They have primary radar, sure, but I imagine there would still be a temporary disruption until people figured out what was going on.
I think this is the first case I’ve seen of ADS-B spoofing in the wild.
EDIT: this was spoofed reports to the data aggregators via the internet, not broadcast on radio waves. I’ve still never seen or heard tell of RF ADS-B spoofing.
Probably is not causing traffic issues. With that said I'm sure a number of TLA's are looking into it already, so whoever did it has hopefully took a number of infosec steps not to get caught and questioned.
Most planes broadcast their position using ADS-B, and some websites collect these signals and visualize them so you can track flight paths. Somebody broadcast a fake flight path that draws a picture of JD Vance on these sites: https://globe.adsbexchange.com/?icao=adfdf9&lat=26.678&lon=-...
To expand on that, those websites mostly operate on random volunteers self hosting a (starting price) fairly cheap receiver and antenna with an open source stack that feeds the ADS-B data to the website operator in exchange for nothing or free "premium" benefits.
The spoofer could have just sent them fake location information drawing an image using latitude, longitude and altitude for color (in the default view flight paths have different colors based on the altitude of the plane at that point in time).
They could have built an antenna and actually broadcast this data, but that would be a lot more effort and most likely some form of crime.
ADS-B (Automatic Dependent Surveillance-Broadcast) is a protocol for planes to publish their positions, so help with the whole "not crashing into each other" thing. The data is mostly for pilots and air traffic control, but it is publicly available, and there's a number of sites that track the data so that you can see what planes are overhead or whatever.
Someone spoofed Airforce One's transponder, had it declare itself as "VANCE 1", and then fly a pattern to display the meme. Or lied to one or more of the major sites, pretending to be listening in on the ADS-B signals. It's unclear. Regardless, it's a very funny hack.
It’s basically the modern radar system as in it supplies the data air traffic controllers see on their screens. Civilian ATC doesn’t really use actual radars any more.
That said, TCAS (Traffic Collision Avoidance System) does not operate on flight data reported by ADS-B.
I believe this was "spoofed" only in the sense that a particular provider/online platform accepted data via an API that was abused to draw this on that platform only. Searching around it seems it was not found if you looked on other platforms, so it might not even have been a crime. I believe they didn't emit any real "signals" just took advantage of an API that should probably be better secured.
At worst it'd be a violation of the site ToS - it's a crowdsourced community data based system, and not any sort of an official, important system. The account doesn't seem to have been banned, so maybe the admins are just rolling with the joke.
Agreed with other commenters that nothing was likely actually broadcast, but if it was it would definitely be highly illegal and you’d have feds knocking down your door pretty quickly. They don’t joke around with illegal transmissions like that.
"The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote. “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals."
adsbexchange is a user-generated content platform where you can submit decoded radio signals to a common database. Sending fake data to adsbexchange is as much a CFAA violation as posting hoaxes to Wikipedia or a social media platform.
ADSB sites aren't any sort of official thing. You can send whatever data you want to them. Just because it's there doesn't mean it ever went over the air as an ADSB broadcast.
Assuming the FAA has the authority to enforce ADSB requirements (an open question post-Chevron), I can’t find any regulation saying non-aircrafts cannot transmit ADSB. Only ones saying aircrafts in certain categories must.
There’s probably some non-interference requirement somewhere (FCC spectrum licensing perhaps), but I’m not seeing it immediately.
All this is in the hypothetical that RF was transmitted, which as others point out it probably wasn’t.
This is easily-prosecutable willful interference or possibly aircraft sabotage: ADS-B operates in licensed bands and uses an already highly-contended modulation scheme and transmission protocol.
This was not spoofed at the ADS-B layer. It was just spoofed to adsb exchange. (While typically a feeder contributes to multiple sites, this one didn't.) eg:
- https://globe.adsb.fi/?icao=adfdf9&lat=26.678&lon=-80.030&zo...
- https://adsb.lol/?icao=adfdf9&lat=26.678&lon=-80.030&zoom=14...
Relevant discussion on r/adsb: https://www.reddit.com/r/ADSB/comments/1qp3q9n/interesting/ where they note it's also absent on FR24, airplanes.live, and theairtraffic.com.
The adsb-x feeder map: https://map.adsbexchange.com/mlat-map/ They probably won't have a hard time identifying who contributed that data.
As other commenters noted, this is almost certainly not RF spoofing, just sending bad data to an aggregator (ADS-B Exchange) over the internet.
This instance of spoofing is notable for being the first that I know of that wasn't primitive vector art or text, but a raster image!
In that area of Florida multiple receivers would have picked up actual ADS-B broadcasts. ADS-B aggregators do have various anti-spoofing measures, but they're not impossible to circumvent.
The only case of actual RF spoofing of aircraft transponder signals that I know of was actually done by the U.S. Secret Service, which interfered with passenger jet collision alert systems (TCAS) by apparently broadcasting bogus signals near Ronald Reagan National Airport (KDCA): https://nymag.com/intelligencer/article/aviation-flights-whi...
Notably, the history of this aircraft shows MLAT as the source for all tracking. This spoof is the first ads-b “track” for this plane.
But there’s so much wrong with the data: 50k ft at 80knots (ground speed!) in a 747.
(Of course if you were spoofing ADS-B RF signals you wouldn't necessarily need to be anywhere near the spoofed locations. Just like with GPS spoofing.)
The FCC and the FAA are two federal agencies that really don't want to mess with, so I hope for their sake they didn't actually spoof it. (.... I wish there were an FBB as well)
Seems like it wasn't actually spoofed radio signals, but spoofed data collection uploaded to adsbexchange. Still seems unlikely to make the FAA happy, but not as bad. I assume air traffic controllers aren't relying on adsbexchange?
Maybe not "rely" on, but some definitely use public ADS-B aggregator sites.
plus they did that right next to an airport
Depends, how much did DOGE fuck with their leadership and management.
We now have to both identify obama judges, trump judges and trump bootlickers.
It's still there as of now:
https://globe.adsbexchange.com/?icao=adfdf9&lat=26.678&lon=-...
Source:Other
There it is. Someone running a fake feeder uploaded fake data. No spoofed signals were actually sent over the radio.
I always thought that coverage of those receivers was so dense by now that you'd have multiple reports of each aircraft but apparently that's not the case.
There is overlapping coverage, yes, but the server fuses them into one entry.
Unless I'm much mistaken, the spoofed data is centered over Mar-a-Lago!
https://maps.app.goo.gl/fjqtAa2qgcWsJvFfA
https://globe.adsbexchange.com/?icao=adfdf9&lat=26.680&lon=-...
Isn't this actually illegal?
edit: op also has this, disregard
hugged but someone caught it: https://archive.is/VrEtg
Most likely they spoofed the reporting API to "FlightAware" or other ADSB crowd-data-sourced sites and didn't spoof "ADSB Signals"
Actually spoofing ADSB radio signals could very well land you in prison with a $100,000 fine. The FCC is very eager to find and fine you for these kinds of stunts.
Spamming flightaware is much less severe, but still... it's not cute to mess with life-safety critical infrastructure.
Please explain the tech.
No real 747 flew this. It was a prank using impossible flight data via ADS-B spoofing. Ground-based “software-defined radios” (SDRs) broadcast fake transponder signals to trick ADS-B Exchange. This works because both the ADS-B & AIS systems use unencrypted, unauthenticated data.
It was sent to ADSBexchange's API, not over RF. No laws were broken.
Yep, as evidenced by the "Source:Other" tag on ADSBExchange. Signals actually sent over the air would show ADS-B, TIS-B, etc, as the data source.
It’s only “other” at the very last point. Go earlier in the track and it shows as “ADS-B”, but every historical real flight in this plane is MLAT (it doesn’t broadcast its precise position but it can be inferred from receivers)
That's not true. And if you click almost anywhere else on the spoofed track it will show as Source: ADS-B.
ADS-B is packet data telemetry broadcast unencrypted and unauthenticated by aircraft on 1090MHz.
Anyone can receive it, and many do. FlightRadar and others have networks of people with receivers that forward all received packets to central servers.
The aircraft self-report location, heading, altitude, etc, so anyone can transmit packets making ghost planes.
I am somewhat surprised nobody has stashed an ADS-B spoofer near ATL or AMS that just broadcasts tracks of A380 tail numbers crossing the runways perpendicular at 500 ft AGL or something. They have primary radar, sure, but I imagine there would still be a temporary disruption until people figured out what was going on.
I think this is the first case I’ve seen of ADS-B spoofing in the wild.
EDIT: this was spoofed reports to the data aggregators via the internet, not broadcast on radio waves. I’ve still never seen or heard tell of RF ADS-B spoofing.
Fake signals are not uncommon, but mostly accidental. They are dealt with very quickly when causing traffic control problems
I'm guessing this doesn't cause traffic control problems due to the no-fly zone over that area?
Probably is not causing traffic issues. With that said I'm sure a number of TLA's are looking into it already, so whoever did it has hopefully took a number of infosec steps not to get caught and questioned.
Can someone explain what this means? Where would this have been seen?
Most planes broadcast their position using ADS-B, and some websites collect these signals and visualize them so you can track flight paths. Somebody broadcast a fake flight path that draws a picture of JD Vance on these sites: https://globe.adsbexchange.com/?icao=adfdf9&lat=26.678&lon=-...
To expand on that, those websites mostly operate on random volunteers self hosting a (starting price) fairly cheap receiver and antenna with an open source stack that feeds the ADS-B data to the website operator in exchange for nothing or free "premium" benefits.
The spoofer could have just sent them fake location information drawing an image using latitude, longitude and altitude for color (in the default view flight paths have different colors based on the altitude of the plane at that point in time).
They could have built an antenna and actually broadcast this data, but that would be a lot more effort and most likely some form of crime.
As a pilot I really hope it's the former. Broadcasting spoofed traffic at minimum would be confusing and distracting to both pilots and ATC.
> Somebody broadcast a fake flight path
They didn't actually "broadcast" anything. This was created by uploading fake data to absexchange.
No, someone probably setup a fake feeder pretending to be an ADSB receiver.
ADS-B (Automatic Dependent Surveillance-Broadcast) is a protocol for planes to publish their positions, so help with the whole "not crashing into each other" thing. The data is mostly for pilots and air traffic control, but it is publicly available, and there's a number of sites that track the data so that you can see what planes are overhead or whatever.
Someone spoofed Airforce One's transponder, had it declare itself as "VANCE 1", and then fly a pattern to display the meme. Or lied to one or more of the major sites, pretending to be listening in on the ADS-B signals. It's unclear. Regardless, it's a very funny hack.
It’s basically the modern radar system as in it supplies the data air traffic controllers see on their screens. Civilian ATC doesn’t really use actual radars any more.
That said, TCAS (Traffic Collision Avoidance System) does not operate on flight data reported by ADS-B.
Pilots and nerds that watch airplane traffic
Viewable on FlightRadar24, etc
> Where would this have been seen?
on HN, mostly
For those wondering, https://knowyourmeme.com/memes/jd-vance-edited-face-photosho...
My favorite one is "Emo JD Vance" with the heavy eyeliner and the scene haircut: https://www.amazon.com/Vance-Meme-Emo-Republican-Conservativ...
Yassified Vance, which a Republican congressman actually created and posted as a legit fan edit is also very funny: https://x.com/KatAbughazaleh/status/1841491297145634831
> "Emo JD Vance"
Oh I thought that was the angry little man, what's his name... Ben Shapiro! (Google knew what I meant.)
I had a few chuckles reading that. Thanks.
I'm disappointed it doesn't seem to have a link to this Vance/Trump 'makeup' video. https://www.reddit.com/r/StrangeAndFunny/comments/1jm9kn4/jd...
A drag makeup artist has an entire series called "Queer Eye for the MAGA Guy" on republican makeup recreations: https://www.youtube.com/watch?v=u6hK_UEGBs4&list=PLNZQj4dOgd...
This has gotta be some sort of federal crime
I believe this was "spoofed" only in the sense that a particular provider/online platform accepted data via an API that was abused to draw this on that platform only. Searching around it seems it was not found if you looked on other platforms, so it might not even have been a crime. I believe they didn't emit any real "signals" just took advantage of an API that should probably be better secured.
At worst it'd be a violation of the site ToS - it's a crowdsourced community data based system, and not any sort of an official, important system. The account doesn't seem to have been banned, so maybe the admins are just rolling with the joke.
Doubt it did anything in RF, only sent packets to adsbexchange’s web service that its volunteers feed it.
Also Adsbexchange has had some… history:
https://www.reddit.com/r/ADSB/comments/10l2euc/adsb_exchange...
https://hackaday.com/2023/01/26/ads-b-exchange-sells-up-cont...
Agreed with other commenters that nothing was likely actually broadcast, but if it was it would definitely be highly illegal and you’d have feds knocking down your door pretty quickly. They don’t joke around with illegal transmissions like that.
It's almost certainly a violation of the Computer Fraud and Abuse Act because it's an extremely broad law.
Violating terms and conditions is not a CFAA violation, per the Supreme Court case Van Buren v US (https://www.politico.com/news/2021/06/03/supreme-court-cyber...) which narrowed to actual fraud and data theft.
"The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote. “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals."
adsbexchange is a user-generated content platform where you can submit decoded radio signals to a common database. Sending fake data to adsbexchange is as much a CFAA violation as posting hoaxes to Wikipedia or a social media platform.
Precedent won't get in the way of a tribal retaliation. They've proven that they can't be consistent with fundamental laws they've sworn to uphold.
TBF so is your reply and mine.
ADSB sites aren't any sort of official thing. You can send whatever data you want to them. Just because it's there doesn't mean it ever went over the air as an ADSB broadcast.
An interesting question.
Assuming the FAA has the authority to enforce ADSB requirements (an open question post-Chevron), I can’t find any regulation saying non-aircrafts cannot transmit ADSB. Only ones saying aircrafts in certain categories must.
There’s probably some non-interference requirement somewhere (FCC spectrum licensing perhaps), but I’m not seeing it immediately.
All this is in the hypothetical that RF was transmitted, which as others point out it probably wasn’t.
(Assuming this were actually RF)
This is easily-prosecutable willful interference or possibly aircraft sabotage: ADS-B operates in licensed bands and uses an already highly-contended modulation scheme and transmission protocol.
No reason to believe RF when you can just upload whatever data you want
They'll probably try and make a case of wire fraud and CFAA as the usual go tos if it wasn't in RF.