(30 Jul 2019) FOR CLEAN VERSION SEE STORY NUMBER: apus121208
The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.
An alert from the DHS critical infrastructure computer emergency response team recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by a Boston-based cybersecurity company and reported to the federal government.
Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability. But a DHS official told The Associated Press that the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning.
The cybersecurity firm, Rapid7, found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network, for example by attaching a small device to its wiring, that would affect aircraft systems.
Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert.
The warning reflects the fact that aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities.
The Rapid7 report focused only on small aircraft because their systems are easier for researchers to acquire. Large aircraft frequently use more complex systems and must meet additional security requirements.
The DHS alert does not apply to older small planes with mechanical control systems.
Tuesday’s DHS alert recommends manufacturers review how they implement these open electronics systems known as “the CAN bus” to limit a hacker’s ability to perform such an attack.
The CAN bus functions like a small plane’s central nervous system. Targeting it could allow an attacker to stealthily hijack a pilot’s instrument readings or even take control of the plane, according to the Rapid7 report obtained by The AP.
Only a few years ago, most auto manufacturers used the open CAN bus system in their cars. But after researchers publicly demonstrated how they could be hacked, auto manufacturers added on layers of security, like putting critical functions on separate networks that are harder to access externally.
Find out more about AP Archive: http://www.aparchive.com/HowWeWork
You can license this story through AP Archive: http://www.aparchive.com/metadata/youtube/3ba305269fce40b4caaabfdc3181d856