Fri, Aug 02, 2019
An Attacker With Access To An Airplane Could Inject False Data Into A System, Leading To Loss Of Control
The Department of Homeland Security has issued an alert warning that some modern flight systems installed in small airplanes can be vulnerable to cyber attacks, particularly if the aircraft are in an accessible area.
The alert was issued by the DHS Cybersecurity and Infrastructure Security Agency. According to the alert, a public report of insecure implementation of CAN (Controller Area Network) bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft. CISA is issuing this alert to provide early notice of the report.
The report from the security firm Rapid7 indicates that an attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft.
The Associated Press reports that Rapid7 focused on systems installed in small airplanes because they are more readily available for testing, and systems installed on larger airplanes, such as airliners, use more complex systems and are subject to more stringent security requirements.
While airport access is restricted by federal law, the Rapid7 lead researcher Patrick Kiley said that such security measures can be bypassed by "someone with five minutes and a set of lock picks." Kiley said that the systems can then be fairly easy to access through the engine compartment of the airplane.
The alert does not apply to older aircraft that still use mechanical instruments, according to DHS.
More News
Airbus Racer Demonstrator Makes Inaugural Flight Airbus Helicopters' ambitious Racer demonstrator has achieved its inaugural flight as part of the Clean Sky 2 initiative, a corners>[...]
A little Bit Quieter, Said Testers, But in the End it's Still a DA40 Diamond Aircraft recently completed a little pilot project with Lufthansa Aviation Training, putting a pair of >[...]
Line Up And Wait (LUAW) Used by ATC to inform a pilot to taxi onto the departure runway to line up and wait. It is not authorization for takeoff. It is used when takeoff clearance >[...]
Contributing To The Accident Was The Pilot’s Use Of Methamphetamine... Analysis: The pilot departed on a local flight to perform low-altitude maneuvers in a nearby desert val>[...]
From 2015 (YouTube Version): Overcoming Obstacles To Achieve Their Dreams… At EAA AirVenture 2015, FedEx arrived with one of their Airbus freight-hauling aircraft and placed>[...]
Airbus Racer Helicopter Demonstrator First Flight Part of Clean Sky 2 Initiative
See All