Analyzing Privacy Breaches in the Aircraft Communications Addressing and Reporting System (ACARS) (1705.07065v1)

Abstract: The manner in which Aircraft Communications, Addressing and Reporting System (ACARS) is being used has significantly changed over time. Whilst originally used by commercial airliners to track their flights and provide automated timekeeping on crew, today it serves as a multi-purpose air-ground data link for many aviation stakeholders including private jet owners, state actors and military. Since ACARS messages are still mostly sent in the clear over a wireless channel, any sensitive information sent with ACARS can potentially lead to a privacy breach for users. Naturally, different stakeholders consider different types of data sensitive. In this paper we propose a privacy framework matching aviation stakeholders to a range of sensitive information types and assess the impact for each. Based on more than one million ACARS messages, collected over several months, we then demonstrate that current ACARS usage systematically breaches privacy for all stakeholder groups. We further support our findings with a number of cases of significant privacy issues for each group and analyze the impact of such leaks. While it is well-known that ACARS messages are susceptible to eavesdropping attacks, this work is the first to quantify the extent and impact of privacy leakage in the real world for the relevant aviation stakeholders.