Vulnerability Management

DHS warns small aircraft are vulnerable to cyberattacks from those with physical access

The Department of Homeland Security (DHS) issued a warning that small aircraft can easily be hacked by threat actors who have physical access to the vehicles.

By hacking into the aircrafts’ CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data potentially resulting in loss of control of the airplane, according to a July 30 US-CERT advisory.

“An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment,” the DHS said in the advisory. “The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot.” 

In order to mitigate the threat, CISA recommends aircraft owners restrict access to planes to the best of their abilities. In addition, manufacturers should review implementation of CAN bus networks to compensate for the physical attack vector including taking measures to safeguard such as CAN bus-specific filtering, whitelisting, and segregation.   

 “Organizations spend a lot of time worrying about external attacks but nothing is as effective as having physical access to a system or asset,” Tripwire senior director of security research Lamar Bailey said. 

“The ability to directly connect to a system allows the attacker to bypass many of the layers of security in place for remote defense. Insider threat is still one of the most dangerous and hardest to defend against.”  

Exabeam Director of Product Marketing Orion Cassetto said the alert around aircraft cybersecurity should serve as a reminder to the entire aviation industry of the opportunities and challenges presented by modern connectivity.

“Every month, there are 1,000 cyberattacks across the air transport industry,” Cassetto said. “At the same time, just 35 percent of airlines and 30 percent of airports believe they are prepared to deal with cyberthreats today. The industry is constantly innovating to stay ahead of the technology curve, but these innovations are actually creating new vulnerabilities.” 

Cassetto added that airlines are implementing emerging technologies, from mobile apps to mood lighting and entertainment systems to deliver a great customer experience that extends from purchasing a ticket, to using miles to upgrade, to making a connection.

All the while, more data than ever is being used to protect passenger privacy and keep departures on time. 

An area that’s less visible to passengers is the activity monitoring and data collection airlines conduct across a wide range of applications. This information is used to improve operations that impact every stage of the journey as machine learning, big data and analytics are all being used to gather data and set a baseline of normal behavior, which makes threats and anomalous behavior easier and faster to identify. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.