Avionics of small planes is vulnerable to attacks with the replacement of telemetry

The Cybersecurity Department of the United States Department of Homeland Security (CISA) warned that avionics (a combination of all systems developed for use in aviation as on-board instruments) of small aircraft could be vulnerable to telemetry attacks.

“An attacker who has physical access to the aircraft can connect to the CAN tire a special device that can be used to enter false data, which will lead to the display of incorrect readings on the on-board equipment”, – write CISA specialists.

The Department of Homeland Security warning is based on a recently published study conducted by a Rapid7 specialist and amateur pilot Patrick Kiley.

He demonstrated that, having physical access to the aircraft, the attacker will be able to change the engine’s telemetry readings, compass data and position angle in space, altitude, airspeed, and angle of attack. Keeley will give a report on this topic at the Defcon conference in August of this year.

Researcher and CISA experts fear that the exploitation of these problems could lead to air crashes and other aviation accidents. The Rapid7 blog emphasizes that the aviation industry, unfortunately, still stays behind the automotive industry when it comes to cybersecurity.

Read also: British Airways will pay a record penalty for data leakage within the GDPR

For example, aircraft manufacturers do not even try to prevent unauthorized access to aircraft CAN-tires. While it is very difficult to get access to the CAN-tires of a modern car, and for this, it is will be necessary to break or remove some car components.

As a result, CISA recommends that aircraft owners limit physical access to aircraft and avionics components whenever possible.

Keely points out that most of the time aircrafts are, of course, in a safe environment, which usually includes many physical security measures, but this is not necessarily good.

“Just like a football helmet can ultimately increase the risk of head injuries, increased physical safety of aircraft can paradoxically make them more vulnerable to cyberattacks”, – emphasizes Patrick Kiley.