Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Transportation

Hacking security alert issued for small planes, DHS warns modern flight systems are 'exploitable'

By Travis Fedschun Fox News
Published
close
Fox News Flash top headlines for July 30 Video

Fox News Flash top headlines for July 30

Fox News Flash top headlines for July 30 are here. Check out what's clicking on Foxnews.com

A security alert was issued by federal officials Tuesday focusing on small planes after authorities voiced concerns that modern flight systems are vulnerable to hacking in the event a malicious actor is able to gain physical access to the aircraft.

The alert from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency said that a security flaw of open electronics systems known as "the CAN bus" was discovered by a Boston-based cybersecurity company and reported to the federal government, which found the systems are "exploitable."

"An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment," CISA said in its alert. "The researchers have outlined that engine telemetry readings, compass and attitude data, altitude, airspeeds, and angle of attack could all be manipulated to provide false measurements to the pilot."

ALLEGED SEATTLE HACKER ARRESTED IN CAPITAL ONE BREACH, BOASTED ON SOCIAL MEDIA: REPORT

Most airports have security officers in place to restrict unauthorized access. While so far no one has appeared to exploit the vulnerability in a real-world scenario, a DHS official told The Associated Press the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning.

A DHS alert recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by Boston-based cybersecurity company, Rapid7, and reported to the federal government.  (AP Photo/M. Spencer Green)

The cybersecurity firm, Rapid7, found an attacker could potentially disrupt electronic messages transmitted across a small plane's network, for example by attaching a small device to its wiring, that would be intended to affect aircraft systems.

If an aircraft were to have its systems compromised, CISA warns that pilots wouldn't be able to rely on readings from instruments.

"The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft," the agency noted.

SMALL PLANE LANDS ON WATER NEAR MARYLAND BEACH IN FRONT OF ONLOOKERS

The vulnerability disclosure report is the product of nearly two years of work by Rapid7. After their researchers assessed the flaw, the company alerted DHS. Tuesday's DHS alert recommends manufacturers review how they implement these open electronics systems known as "the CAN bus" to limit a hacker's ability to perform such an attack.

Students accused of hacking into school system to change grades

Students accused of hacking into school system to change grades

Jersey City police arrest four students for using software to access the school district computer system to change their grades.

The CAN bus functions like a small plane's central nervous system. Targeting it could allow an attacker to stealthily hijack a pilot's instrument readings or even take control of the plane, according to the Rapid7 report obtained by The AP.

Only a few years ago, most auto manufacturers used the open CAN bus system in their cars. But after researchers publicly demonstrated how they could be hacked, auto manufacturers added on layers of security, like putting critical functions on separate networks that are harder to access externally.

"The automotive industry has made advancements in implementing safeguards that hinder similar physical attacks to CAN bus systems," CISA noted.

CLICK HERE FOR THE FOX NEWS APP

The Rapid7 report focused only on small aircraft because their systems are easier for researchers to acquire. Large aircraft frequently use more complex systems and must meet additional security requirements. The DHS alert does not apply to older small planes with mechanical control systems.

The Department of Homeland Security plans to issue a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft. (AP Photo/Gerald Herbert)

In its warning, CISA recommends that aircraft owners "restrict access to planes to the best of their abilities."

But Patrick Kiley, Rapid7's lead researcher on the issue, told the AP an attacker could exploit the vulnerability with access to a plane or by bypassing airport security.

"Someone with five minutes and a set of lock picks can gain access [or] there's easily access through the engine compartment," Kiley said.

CISA also recommended that aircraft manufacturers should "review implementation of CAN bus networks to compensate for the physical attack vector."

The Associated Press contributed to this report.