22:45 GMT28 October 2020
Listen Live
    US
    Get short URL
    0 04
    Subscribe

    A security alert issued by the US Department of Homeland Security (DHS) recommends plane owners restrict access to their aircraft after authorities were made aware of a system flaw present in the planes’ Controller Area Network (CAN bus) which exposes them to hacking.

    The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) informed aircraft owners Tuesday to take extra precautions in restricting access to the planes until the aviation industry addresses and introduces necessary security features to protect small planes’ CAN bus network.

    An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment,” the Tuesday notice reads. “[Engine] telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot.

    With the system unable to deliver accurate readings, the pilot could ultimately lose control of the aircraft, resulting in a fatal crash.

    The vulnerability disclosure report was delivered to the DHS by software company Rapid7 after approximately two years of research and is solely focused on smaller aircraft due to their more simplistic systems. Additional security measures are already present within larger planes.

    The Associated Press reported that Patrick Kiley, a senior security consultant and the lead researcher on this issue, said someone only needs “five minutes and a set of lock picks” to get gain access to an aircraft or enter a plane “through the engine compartment.”

    After gaining access, the hacker would have free reign over the small aircraft’s entire control system. In a Rapid7 statement obtained by the AP, cybersecurity expert Chris King explained that the CAN bus, which acts as the plane’s “central nervous system,” lacks security features because “it was never designed to be in an adversarial environment.”

    Manufacturers must now review the CAN bus and figure out the proper protections that would block a potential attack.

    The DHS’ release notes that strides have been made in the automotive industry in handling similar issues with their own CAN buses, but addressing aircraft systems is expected to a more difficult task due to the longer “manufacturing cycle” of a plane, according to Kiley.

    “Safeguards such as CAN bus-specific filtering, whitelisting, and segregation should also be evaluated by aircraft manufacturers,” reads the second section of the notice. It also highlighted that in developing these new security measures, manufacturers must engage in “proper impact analysis and risk assessment” prior to their implementation.

    Related:

    US’ Moscow Hacking Charge ‘Pales in Comparison’ to Cyberwar on Russian Electrical Grid
    Hacked Self-Driving Cars Will Create Chaos Say US Researchers - Report
    Trump Says There 'May or May Not Be National Security Concerns' in Regards to Google-China Ties
    Flight Cancelations Spike As FAA Identifies New ‘Potential Risk’ in Boeing’s 737 MAX 8
    ‘Lives Are Not For Sale’: FAA’s Lax Oversight Lets Boeing Call the Shots
    Tags:
    hackers, hacker, hacking, hacking, computer network exploitation, security, security, aircraft, aircraft, planes, US Department of Homeland Security, Department of Homeland Security (DHS), Department of Homeland Security, Department of Homeland Security
    Community standardsDiscussion