Patrick Kiley, a senior security consultant at Rapid7 conducted an investigation into the security of avionics systems inside small airplanes. The results are disconcerting it is quite easy to hack a small plane.
The expert focused the analysis on the Controller Area Network (CAN) bus implements by two commercially available avionics systems from aircraft manufacturers who specialize in light aircraft.
The CAN is a crucial component in vehicles and aircraft that allows data and signaling information to be’ exchanged between the onboard computer systems.
“Small aircraft typically maintain the direct mechanical linkage between the flight controls and the flight surface. However, electronic controls for flaps, trim, engine controls, and autopilot systems are becoming more common,” explained Kiley.
“This is similar to how most modern automobiles no longer have a physical connection between the throttle and the actuator that causes the engine to accelerate.”
Kiley was able to able to send forged messages to the control systems of the aircraft and perform malicious activities.
The expert demonstrated that it is possible to change the altitude and airspeed readings, changing engine telemetry readings, altering telemetry, and disabling or rerouting the autopilot.
“While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector,” Kiley noted.
“While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems.”
Let me suggest to read the report that contains much interesting information about the security of avionics systems.