Automatic Dependent Surveillance – Contract (ADS-C) is a satellite-based aviation datalink application used to monitor aircraft in remote regions. It is a crucial method for air traffic control to track aircraft where other protocols such as ADS-B lack connectivity. Even though it has been conceived more than 30 years ago, and other legacy communication protocols in aviation have shown to be vulnerable, ADS-C’s security has not been investigated so far in the literature. We conduct a first investigation to close this gap. First, we compile a comprehensive overview of the history, impact, and technical details of ADS-C and its lower layers. Second, we build two software-defined radio receivers in order to analyze over 120’000 real-world ADS-C messages. We further illustrate ADS-C’s lack of authentication by implementing an ADS-C transmitter, which is capable of generating and sending arbitrary ADS-C messages. Finally, we use the channel control offered through a software-defined ADS-C.