US warns small aircraft are vulnerable to cyber-attacks from those with physical access

News by Robert Abel

In order to mitigate the threat, CISA recommends aircraft owners restrict access to planes to the best of their abilities

The US Department of Homeland Security (DHS) issued a warning that small aircraft can easily be hacked by threat actors who have physical access to the vehicles.

By hacking into the aircrafts’ CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data potentially resulting in loss of control of the airplane, according to a US-CERT advisory on 30 July.

"An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment," the DHS said in the advisory. "The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot." 

In order to mitigate the threat, the Cybersecurity and Infrastructure Security Agency (CISA) recommends aircraft owners restrict access to planes to the best of their abilities. In addition, manufacturers should review implementation of CAN bus networks to compensate for the physical attack vector including taking measures to safeguard such as CAN bus-specific filtering, whitelisting, and segregation.   

 "Organisations spend a lot of time worrying about external attacks but nothing is as effective as having physical access to a system or asset," Tripwire senior director of security research Lamar Bailey said. 

"The ability to directly connect to a system allows the attacker to bypass many of the layers of security in place for remote defense. Insider threat is still one of the most dangerous and hardest to defend against."  

Exabeam Director of Product Marketing Orion Cassetto said the alert around aircraft cybersecurity should serve as a reminder to the entire aviation industry of the opportunities and challenges presented by modern connectivity.

"Every month, there are 1,000 cyberattacks across the air transport industry," Cassetto said. "At the same time, just 35 percent of airlines and 30 percent of airports believe they are prepared to deal with cyberthreats today. The industry is constantly innovating to stay ahead of the technology curve, but these innovations are actually creating new vulnerabilities." 

Cassetto added that airlines are implementing emerging technologies, from mobile apps to mood lighting and entertainment systems to deliver a great customer experience that extends from purchasing a ticket, to using miles to upgrade, to making a connection.

All the while, more data than ever is being used to protect passenger privacy and keep departures on time. 

An area that’s less visible to passengers is the activity monitoring and data collection airlines conduct across a wide range of applications. This information is used to improve operations that impact every stage of the journey as machine learning, big data and analytics are all being used to gather data and set a baseline of normal behavior, which makes threats and anomalous behavior easier and faster to identify. 

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews