We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. The Department of Homeland Security is warning owners of small aircraft to be on guard against a hack that can inject bad data into the plane's flight readings. The warning is based on research into the electronic system that collects data from a plane's sensors and displays them to the pilot. On Tuesday, security firm Rapid7 detailed how you can theoretically rig the system to display dummy data. "A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, so this could result in an emergency landing or a catastrophic loss of control of an affected aircraft," Rapid7 researcher Patrick Kiley said in the report. The same attack can also manipulate the autopilot to shut down. Rapid7 verified the findings by investigating two commercially available avionics systems. It determined that only "some level of physical access" to the aircraft's wiring was needed to pull of the hack, which could be delivered by attaching a small device to the plane's Controller Area Network (CAN) bus to send the false commands. The key problem is that the CAN bus is integrated into the plane's other components without any firewalls or authentication systems in place. This means untrusted connections over a USB adapter hooked up to the plane can send commands to its electronic systems. The good news is that current industry practices and regulations prevent unsupervised access to a plane. "Even small, personal aircraft are rarely parked in unmonitored, open areas like open parking lots or public streets," Kiley said in the report. Nevertheless, relying on only one safeguard to protect an electronic system is never ideal. Kiley also points to how some aircraft are growing more complex, and adding features such as Bluetooth and Wi-Fi connectivity, which could potentially open the door for remote attacks. "Think about it: If you felt like your internal LAN was totally and completely untouchable by attackers, you probably wouldn't worry much about software patching or password management," Kiley wrote in a separate blog post. "Of course, LANs aren't impregnable, and neither are CAN bus networks, so we're worried about this mindset when it comes to avionics security." The Department of Homeland Security's cyber division is urging aircraft makers to consider network protections around the CAN bus. Aircraft owners should also make sure to restrict access to their planes. Rapid7 named no aircraft vendors in today's report, saying the goal was to focus on weaknesses with the CAN bus's architecture.
Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell für den Betrieb der Seite, während andere uns helfen, diese Website und die Nutzererfahrung zu verbessern (Tracking Cookies). Sie können selbst entscheiden, ob Sie die Cookies zulassen möchten. Bitte beachten Sie, dass bei einer Ablehnung womöglich nicht mehr alle Funktionalitäten der Seite zur Verfügung stehen.
We review products independently, but we may earn affiliate commissions from buying links on this page. Terms of use. The Department of Homeland Security is warning owners of small aircraft to be on guard against a hack that can inject bad data into the plane's flight readings. The warning is based on research into the electronic system that collects data from a plane's sensors and displays them to the pilot. On Tuesday, security firm Rapid7 detailed how you can theoretically rig the system to display dummy data. "A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, so this could result in an emergency landing or a catastrophic loss of control of an affected aircraft," Rapid7 researcher Patrick Kiley said in the report. The same attack can also manipulate the autopilot to shut down. Rapid7 verified the findings by investigating two commercially available avionics systems. It determined that only "some level of physical access" to the aircraft's wiring was needed to pull of the hack, which could be delivered by attaching a small device to the plane's Controller Area Network (CAN) bus to send the false commands. The key problem is that the CAN bus is integrated into the plane's other components without any firewalls or authentication systems in place. This means untrusted connections over a USB adapter hooked up to the plane can send commands to its electronic systems. The good news is that current industry practices and regulations prevent unsupervised access to a plane. "Even small, personal aircraft are rarely parked in unmonitored, open areas like open parking lots or public streets," Kiley said in the report. Nevertheless, relying on only one safeguard to protect an electronic system is never ideal. Kiley also points to how some aircraft are growing more complex, and adding features such as Bluetooth and Wi-Fi connectivity, which could potentially open the door for remote attacks. "Think about it: If you felt like your internal LAN was totally and completely untouchable by attackers, you probably wouldn't worry much about software patching or password management," Kiley wrote in a separate blog post. "Of course, LANs aren't impregnable, and neither are CAN bus networks, so we're worried about this mindset when it comes to avionics security." The Department of Homeland Security's cyber division is urging aircraft makers to consider network protections around the CAN bus. Aircraft owners should also make sure to restrict access to their planes. Rapid7 named no aircraft vendors in today's report, saying the goal was to focus on weaknesses with the CAN bus's architecture.