The US Department of Homeland Security's cyber-security agency (CISA) has issued a security alert warning all owners of small airplanes about vulnerabilities that could be exploited to alter airplane telemetry.
The vulnerabilities lie in avionics, the electronic equipment fitted in an aircraft, and more specifically in a small aircraft's CAN bus.
A Controller Area Network (CAN bus) is fitted inside vehicles such as planes, cars, and boats, and acts as a central network through which other components communicate with each other.
An attacker with physical access to the aircraft could attach a device to an avionics CAN bus and use it to inject false data, resulting in incorrect readings in avionic equipment.
Patrick Kiley, a security researcher at the cybersecurity firm Rapid7, published a report about vulnerabilities in various CAN bus components sold by two vendors. CISA sent the security alert following this report.
According to Kiley, an attacker with access to a plane's CAN bus could use these vulnerabilities to alter engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack.
If exploited, these vulnerabilities would provide false readings to pilots and could lead to crashes or other incidents involving small aircraft.
Kiley will be presenting his work at the Avionics Village at the DEFCON security conference to be held in two weeks.
The security researcher published a blog post in which he highlighted that the aviation industry is lagging behind the automotive industry when it comes to cyber-security.
Airplane manufacturers are failing to prevent access to planes' CAN bus. He states that cars are easily accessible because people leave them parked on streets, while airplanes exist in a much more secure environment that includes a lot of physical security controls.
Kiley wanted the aviation industry to be aware of this issue so that it could secure CAN buses with stronger defensive measures.
CISA recommends that aircraft owners restrict access to planes' avionics components to the best of their abilities.