DHS warns about vulnerabilities in small Airplanes


The US Department of Homeland Security cyber-security department (CISA) has issued a security alert that warns all owners of small airplanes regarding the vulnerabilities that could be exploited to alter airplane telemetry.

The vulnerabilities lies in avionics which is the electronic equipment fitted in an aircraft and more specifically inside a small aircraft’s CAN bus.

A Controller Area Network (CAN bus) component is fitted inside different vehicles like planes, cars, airplanes, boats and they act as a central network through which other components communicate with each other.

Any attacker having physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment.

Patrick Kiley, a security researcher from the cybersecurity firm Rapid7, published a report about vulnerabilities in various CAN bus components sold by two vendors. Following this the CISA has sent the security alert.

According to Kiley an attacker with access to a plane’s CAN bus could use these vulnerabilities to alter engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack.

If these vulnerabilities are exploited, it provides false readings to pilots, and lead to crashes or other incidents involving small aircraft.

Kiley will be presenting his work at the Avionics Village at the DEFCON security conference to be held in two weeks.

The security researcher published a blog post in which he highlighted that the aviation industry is lagging behind the automotive industry when it comes to cyber-security.

The airplane manufacturers are failing at preventing access to planes’ CAN bus. He states that cars are easily accessible as the people leave them parked on streets. While the airplanes exist in a much more secure environment that includes a lot of physical security controls.

 Kiley wanted the aviation industry to be aware of this issue so that they could secure CAN buses with stronger defensive measures.

 CISA recommends that aircraft owners must restrict access to planes avionics’ components to the best of their abilities.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Capital One Data Breach impacts 106 Million Customers

    Previous article

    Critical Flaws in ‘OXID eShop’ Software

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *