Hacking Alert Issued for Small Planes

July 31, 2019

The Department of Homeland Security issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.

An alert from the DHS critical infrastructure computer emergency response team says that CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to the report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft.

The alert says, "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft."

CISA recommends aircraft owners restrict access to planes to the best of their abilities. Manufacturers of aircraft should review implementation of CAN bus networks to compensate for the physical attack vector. The automotive industry has made advancements in implementing safeguards that hinder similar physical attacks to CAN bus systems. Safeguards such as CAN bus-specific filtering, whitelisting, and segregation should also be evaluated by aircraft manufacturers.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov.

In response, Ed Bolen,President and CEO of the National Business Aviation Association, told Security magazine: "The reason such a relatively complex scenario hasn’t unfolded – the reason TSA audits have never found general aviation airplanes to be a security concern – is that the industry has always made security a top priority, with a host of measures that harden aircraft from threats. An Airport Watch program includes a toll-free reporting number directly to the TSA. Pilots carry tamper-resistant, government issued ID, and passengers on many general aviation flights undergo strict background checks. The government cross-checks records for airmen, and monitors aircraft sales to find suspicious activity."

Developing Mutually Beneficial Public/Private Partnerships in Security

This webinar will offer industry best practices to help your security team create or expand a sustainable program that aids in the fulfillment of your organization’s goals and objectives, while assisting your local agencies in fulfilling some of theirs as well — ultimately offering stronger security and response across both.

This year promises to build on the technological and business model innovations of last year, refine their value propositions, and play a key part for organizations who are navigating through covid-19 and planning for a post-Covid era.

Poll

Video Surveillance

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Hacking Alert Issued for Small Planes

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Hacking Alert Issued for Small Planes

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.