Fri, Aug 02, 2019
An Attacker With Access To An Airplane Could Inject False Data Into A System, Leading To Loss Of Control
The Department of Homeland Security has issued an alert warning that some modern flight systems installed in small airplanes can be vulnerable to cyber attacks, particularly if the aircraft are in an accessible area.
The alert was issued by the DHS Cybersecurity and Infrastructure Security Agency. According to the alert, a public report of insecure implementation of CAN (Controller Area Network) bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft. CISA is issuing this alert to provide early notice of the report.
The report from the security firm Rapid7 indicates that an attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft.
The Associated Press reports that Rapid7 focused on systems installed in small airplanes because they are more readily available for testing, and systems installed on larger airplanes, such as airliners, use more complex systems and are subject to more stringent security requirements.
While airport access is restricted by federal law, the Rapid7 lead researcher Patrick Kiley said that such security measures can be bypassed by "someone with five minutes and a set of lock picks." Kiley said that the systems can then be fairly easy to access through the engine compartment of the airplane.
The alert does not apply to older aircraft that still use mechanical instruments, according to DHS.
More News
Aero Linx: Airborne Public Safety Association (APSA) The Airborne Public Safety Association - APSA - is a 501(c)(3) non-profit educational, individual membership organization, foun>[...]
Marker Beacon An electronic navigation facility transmitting a 75 MHz vertical fan or boneshaped radiation pattern. Marker beacons are identified by their modulation frequency and >[...]
Airplane Entered An Aerodynamic Stall And Began An Uncommanded Left Turn Analysis: The pilot stated that he was departing at the time of the accident. As the airplane became airbor>[...]
Also: Van Celebrates 85th, Trio Pro Pilot Autopilot, Joby on MSFS24, Sonex Transition The BushCat was manufactured in South Africa by SkyReach beginning in 2014, selling its first >[...]
Also: USAFA Hotel FlightSims, Medevac-King Airs, University of Dubuque, Trump’s Transportation Secretary Pick The Royal Canadian Air Force (RCAF) announced it will stand down>[...]