The Cybersecurity and Infrastructure Security Agency (CISA) has warned of insecure CAN bus network implementations affecting aircraft.
On 30 July, CISA explained that attackers could target aircraft by exploiting insecure implementations of their CAN bus networks, tools which allow separate devices and systems to communicate with one another using a single protocol. These bad actors would simply require physical access to the targeted aircraft. As CISA explains in its advisory:
An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot. The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft.
The Department of Homeland Security body clarified that aircraft manufacturers can help defend against these types of security issues by reviewing their CAN bus network implementations with the physical attack vector in mind. CISA went on to clarify that this effort should partly involve looking to the automobile industry, a sector which has already taken steps to stem the tide of physical attacks targeting CAN bus systems. Specifically, it mentioned that manufacturers examine safeguards like CAN bus-specific filtering, whitelisting and segregation. In the meantime, aircraft owners should work to limit physical access to their planes. Tripwire senior director of security research Lamar Bailey noted that this step is extremely important. As he told SC Media:
Organizations spend a lot of time worrying about external attacks but nothing is as effective as having physical access to a system or asset The ability to directly connect to a system allows the attacker to bypass many of the layers of security in place for remote defense. Insider threat is still one of the most dangerous and hardest to defend against.
Should owners decide to implement additional defensive measures, they should conduct risk assessments and perform an impact analysis before doing so.
