DHS Warns Small Airplanes Vulnerable To Flight Data Manipulation Attacks

It has been reported the United States Department of Homeland Security’s (DHS) has issued an alert for the same, warning owners of small aircraft to be on guard against a vulnerability that could enable attackers to easily hack the plane’s CAN bus and take control of key navigation systems. The vulnerability, discovered by a cybersecurity researcher at Rapid 7, resides in the modern aircraft’s implementation of CAN (Controller Area Network) bus—a popular vehicular networking standard used in automobiles and small aircraft that allows microcontrollers and devices to communicate with each other in applications without a host computer. Rapid7 researcher Patrick Kiley demonstrated that a hacker with physical access to a small aircraft’s wiring could attach a device—or co-opt an existing attached device—to the plane’s avionics CAN bus to insert false data and communicate them to the pilot.

Experts Comments

August 02, 2019
Nigel Stanley
CTO
TUV Rheinland
Cybersecurity research in this field has to be applauded, but I remain a bit underwhelmed by the end result here. There are some challenges in executing this type of attack, and as the researcher admits physical access is key. Having piloted general aviation (GA) aircraft in the past, I get where the research is coming from but believe me there are far easier ways of damaging or disrupting light aircraft. I’d admit that many GA airfields can be remote and poorly protected, but any pilot.....Read More
Cybersecurity research in this field has to be applauded, but I remain a bit underwhelmed by the end result here. There are some challenges in executing this type of attack, and as the researcher admits physical access is key. Having piloted general aviation (GA) aircraft in the past, I get where the research is coming from but believe me there are far easier ways of damaging or disrupting light aircraft. I’d admit that many GA airfields can be remote and poorly protected, but any pilot worthy of the title should pick up the tell-tale traces of such an attack in the pre-flight walk around. Avionics are notoriously difficult to mess with and unless you really know what you are doing you will likely disable other systems or components by mistake. I would have been more enthused by the research if it was discovered that the CAN bus implementations had some form of cryptographic primitives in place! Bad weather, ego and inexperience are more likely to kill or injure a private pilot than this type of cyber-attack.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.