DHS Warning: Small Planes Vulnerable to Cyberattack Through CAN Bus Component
A vulnerability in a component of small planes could alter the aircrafts’ telemetry if physically accessed by an attacker, warns the US Department of Homeland Security’s cybersecurity unit (CISA).
The vulnerability was found in the Controller Area Network (CAN) bus of small planes, which allows various devices and components inside the aircraft (or any other kind of vehicle) to communicate with each other.
Physical access to the aircraft is necessary to exploit the vulnerability. With the requisite access, a potential attacker can attach a device that injects false data into the avionics CAN bus, which could result to incorrect readings of the aircraft’s avionics equipment.
The aircraft’s telemetry readings, altitude, compass and attitude data, angle of attack, and airspeeds could be manipulated in this manner. The pilot would unknowingly be relying on false measurements and could lose control of the aircraft.
CISA has released this information in a security advisory, which encourages owners of small planes to restrict access to their aircrafts, and manufacturers to review their CAN bus implementation. The report was based on the analysis done by Rapid7 researchers who discovered the vulnerability.
The researchers have also compared the security of airplanes to that of more accessible vehicles like automobiles, since CAN bus implementation is a standard in vehicular networking and also found in cars.
They posited that because airplanes have typically stronger physical security than automobiles, more research had been put into securing the CAN bus in the latter than in the former. In fact, the use of CAN bus in automobiles has been explored in the past, raising security issues that could drastically affect car performance. Implementing similar security measures, as done on the CAN bus of automobiles, can then help defend against possible exploits of the vulnerability.
Security blind spots
This case illustrates how strict security in one area of an industry or machine can inadvertently lead to blind spots in other areas. Vulnerabilities exist in these blind spots, as demonstrated by this CAN bus vulnerability and previously reported cases, like the security issues discovered in the Automatic Identification System (AIS) used for enhancing the safety of vessel traffic.
Vulnerabilities affect different industries, both in standard protocols and critical systems that they have implemented in their processes. Here are a few best practices to defend against vulnerabilities and reduce security blind spots:
- Be aware of recent research findings and discoveries in the cyberthreat landscape. Knowing the recent trends in threats and vulnerability discoveries can help prepare industries against attacks.
- Implement network segmentation. For this kind of vulnerability, creating CAN sub-buses can prevent the free circulation of can frames to all the devices and components in the vehicle.
- Assess all areas of security regularly. As demonstrated in this case, relying on just one aspect of security could inadvertently lead to neglect in another. Assessing different security areas regularly can reduce possible blind spots in an enterprise’s defenses.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale