Small Aircraft Are More Vulnerable to Hacking

This post is also available in: עברית (Hebrew)

Aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities. Modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft. 

An alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that a security flaw of open electronics systems known as “the CAN bus” was discovered by a cybersecurity company and reported to the federal government, which found the systems are “exploitable.”

The CAN bus functions like a small plane’s central nervous system. Targeting it could allow an attacker to stealthily hijack a pilot’s instrument readings or even take control of the plane.

Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability, according to international news agencies.

Rapid7 found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network, for example by attaching a small device to its wiring, that would affect aircraft systems.

Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert.

CISA’s recommendations for the mitigation of the threat include, according to us-cert.gov, the restriction of access to planes. Manufacturers of aircraft should review the implementation of CAN bus networks to compensate for the physical attack vector. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.