The IT security researchers at Rapid7 have reported a critical vulnerability in the modern flight systems of small planes allowing hackers with physical access to take control of targeted aircraft.
The US Department of Homeland security’s Cybersecurity and Infrastructure Security Agency (CISA) has also acknowledged the issue. The security advisory issued Tuesday stated that the vulnerability (ICS-ALERT-19-211-01) exists in Controller Area Network (CAN bus) of small aircraft which work as the backbone in not only planes but also play a vital role in cars and buses.
Furthermore, the vulnerability would also allow attackers to access engine readings, compass data, altitude, and other readings and manipulate to provide false measurements to the pilot.
“An attacker with physical access to the aircraft could attach a device to avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment,” CISA said in the advisory. “The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot.”
To mitigate the threat, CISA is advising small aircraft owners to restrict access to planes while aircraft manufacturers are urged to review the implementation of CAN bus networks to compensate for the physical attack vector. In addition, manufacturers should also implement safeguards such as CAN bus-specific filtering, whitelisting, and segregation.
It is worth mentioning that big aircraft use more complex systems with additional security requirements. However, the DHS alert does not apply to older small planes with mechanical control systems.
“This latest alert around aircraft cybersecurity should serve as a reminder to the entire aviation industry of the opportunities and challenges presented by modern connectivity,” said Orion Cassetto, director, Product Marketing, Exabeam.
“Every month, there are 1,000 cyberattacks across the air transport industry. At the same time, just 35 percent of airlines and 30 percent of airports believe they are prepared to deal with cyber threats today. The industry is constantly innovating to stay ahead of the technology curve, but these innovations are actually creating new vulnerabilities.
Cassetto said that while airlines are using emerging technologies to provide top-notch service to passengers but an area that’s less visible to passengers is the activity monitoring and data collection airlines conduct across a wide range of applications. This information is used to improve operations that impact every stage of the journey.
Machine learning, big data, and analytics are all being used to gather data and set a baseline of normal behavior, which makes threats and anomalous behavior easier and faster to identify. Systems that can detect and escalate unusual patterns and help pinpoint event timelines provide deep insight on security events that may be the source of the anomalies. Gaining access to that insight before something happens is critical because it allows officials to stop problems before they start.