Hacking avionics systems through the CAN bus

An expert analyzed the level of security of avionics systems used in small airplanes, and the results are disconcerting.

Patrick Kiley, a senior security consultant at Rapid7 conducted an investigation into the security of avionics systems inside small airplanes. The results are disconcerting it is quite easy to hack a small plane.

Kiley, which is also, an amateur pilot, was able to crack the ⁷aircraft’s control and navigation systems.

The expert focused the analysis on the Controller Area Network (CAN) bus implements by two commercially available avionics systems from aircraft manufacturers who specialize in light aircraft.

The CAN is a crucial component in vehicles and aircraft that allows data and signaling information to be’ exchanged between the onboard computer systems.

The control systems send commands to several components via CAN bus.

“Small aircraft typically maintain the direct mechanical linkage between the flight controls and the flight surface. However, electronic controls for flaps, trim, engine controls, and autopilot systems are becoming more common,” explained Kiley.

“This is similar to how most modern automobiles no longer have a physical connection between the throttle and the actuator that causes the engine to accelerate.”

Unfortunately, an attacker can abuse the CAN bus to interfere with the ordinary operations even if unlike cars, airplanes adopt some protection measures.

Kiley was able to able to send forged messages to the control systems of the aircraft and perform malicious activities.

The expert demonstrated that it is possible to change the altitude and airspeed readings, changing engine telemetry readings, altering telemetry, and disabling or rerouting the autopilot.

“While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector,” Kiley noted.

“While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems.”

Let me suggest to read the report that contains much interesting information about the security of avionics systems.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – avionics systems, hacking)

The post Hacking avionics systems through the CAN bus appeared first on Security Affairs.