This document discusses security issues with the Automatic Dependent Surveillance-Broadcast (ADS-B) system used for air traffic surveillance. ADS-B broadcasts airplane location and other information in unencrypted plain text, allowing anyone to track or impersonate aircraft. The authors analyzed the firmware update process for a Stratus transponder and iPad app to identify ways to inject malicious firmware that could cause mid-air collisions by transmitting incorrect location data. They captured firmware updates and are analyzing the binaries to understand encryption and find encryption keys to modify the firmware. Future work involves further analyzing the onboard memory and firmware to decrypt it fully and modify it for attacks.