Officials at the Department of Homeland Security issued an alert Tuesday about a potential vulnerability in small aircraft, where hackers with physical access to the planes could plant hidden devices interfering with instrument readings.
The alert, from DHS’s Cybersecurity and Infrastructure Security Agency, cited research by the security firm Rapid7, which found hackers could send bogus readings about aircraft altitude, speed, orientation, and other data through some planes’ CAN-bus network systems.
“The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot,” according to the DHS alert. “The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft.”
DHS recommends that “aircraft owners restrict access to planes to the best of their abilities” and that manufacturers take steps to limit such attack possibilities.
In its report, Rapid7 indicates that it warned two avionics systems vendors of vulnerabilities in their products, though it didn’t disclose the companies’ names, in order “to highlight that this is not a product-specific issue.”