A hacker with physical access to a small aircraft can exploit a controller area network (CAN) bus to alter critical in-flight gauges and measurements, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned in an alert.
Note: In small planes (and modern automobiles) where there is no physical connection between wing flaps, autopilot, the engine and so forth, CAN bus protocols allow microcontrollers and devices to communicate with each other in applications without a host computer.
CISA issued the alert following a report by security provider Rapid7’s researchers, who tested two commercially available avionics systems to find out if it was possible to send fake messages to the systems if an attacker could access the plane’s wiring.
Small Plane Hacker Warning: Details
“After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to these systems, given some level of physical access to a small aircraft’s wiring,” the security researchers said. An attacker could potentially attach a device to an avionics CAN bus to show incorrect engine telemetry readings, incorrect compass and attitude data, and incorrect altitude, airspeed, and angle of attack data, the report said.
The result: A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings. If presented with bogus data, the pilot might have to make an emergency landing or could lose control of the plane. “While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector,” Rapid7 said. “While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems.”
The prognosis: CAN bus security has not kept pace with that of automobiles, perhaps due to the emphasis on the physical security of aircraft, which is well regulated and tested, the report said. “CAN bus implementations often do not consider the threat model of an attacker with physical access to the shared wiring of the system,” Rapid7 said.
Small Plane Hacker Warning: Steps to Security
How can the risk of avionics CAN bus attacks based on false messages be lowered?
- Segment the CAN bus network from these other networks.
- Encourage secure designs for CAN bus itself.
Inasmuch as CAN bus remains the “preferred solution for in-vehicle networking,” there are some lessons that small aircraft manufacturers, framers, regulators and users can learn from traditional network security, the report said. “Given the state of today’s avionics technology, cyber-attacks on aircraft can be significantly more subtle than traditional kinetic attacks—and much more difficult to detect after the fact. The open-ended nature of CAN bus should be seen as an invitation for security innovation.”
“There is no reason to think that CAN bus could not enjoy a similar leveling-up of secure design,” Rapid7 said.