Hacking - Oppdatering - Curt Lewis

U.S. officials warn airplane hackers could tamper with flight controls


An Embraer Praetor 600 business aircraft performs a demonstration flight on June 18 at the Paris Air Show in Le Bourget, France. File Photo by Eco Clement/UPI | License Photo

July 30 (UPI) -- U.S. security officials issued a warning Tuesday that small airplanes are also vulnerable to hacking, and the openings might allow criminals to alter key instrument readings to produce false data in flight.

The Homeland Security Department's Cybersecurity and Infrastructure Security Agency issued a report that recommends aircraft owners restrict physical access to the planes and that aircraft manufacturers review the implementation of Controller Area Network bus systems.

Government experts said in the report, however, such hacking could not be done remotely.

"An attacker with physical access to the aircraft could attach a device to [flight equipment] that could be used to inject false data, resulting in incorrect readings in avionics equipment," the report states.

The agency said that type of hack, though, could affect everything from engine telemetry readings, compass and altitude, speed and angle of attack -- all of which are critical flight elements that could lead to catastrophic failure. A pilot relying on instrument readings would not be able to tell between false and true instrument readings.

One recommendation the department makes is to follow advances by automakers.

"The automotive industry has made advancements in implementing safeguards that hinder similar physical attacks," it said. "[Those safeguards] should be evaluated by aircraft manufacturers."

Expert Patrick Kiley said aviation technology now lags behind other technologies and part of the overall problem is a false sense of security due to the face most airplanes are stored in secure locations.

"While physical restrictions are great, we really feel like avionics, in particular, need to implement defense in-depth," he said.

Security Chiefs Warn Of Need for Aircraft Safeguards

The DHS Cybersecurity and Infrastructure Security Agency (CISA) yesterday released a warning that certain CAN bus systems aboard aircraft might be vulnerable to hacking when an attacker has “unsupervised physical access to the aircraft.” ICS-ALERT-19-211-01 cites a report that an attacker with access to the aircraft could attach a device to an avionics CAN bus to “inject false data, resulting in incorrect readings in avionic equipment.”

Issued ahead of next week’s Def Con “Hacker” Conference, that report, from IT consultancy Rapid7, stated, “After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to these systems, given some level of physical access to a small aircraft’s wiring.” Pilots may not be able to distinguish between false and legitimate readings, it said. That research was conducted in a lab environment. 

CISA recommends that aircraft owners restrict access to aircraft and that manufacturers review implementation of CAN bus networks “to compensate for the physical attack vector.” 

“The DHS alert correctly points to the mitigations that are used to manage security in the aviation industry,” said GAMA v-p of operations Jens Hennig. “In evaluating such risk, it is important to consider actual real-world scenarios, especially by providing recognition of the protections our overall systems approach provides to managing aviation safety and security.”