Open search

CAN Newsletter magazine

CAN security case in small aircrafts

The reported case requires access to the CAN network. The CAN data frames were injected by means of a CAN dongle.

In July 2019, the US Department of Homeland (CISA) has issued a security alert warning owners of small aircrafts about vulnerabilities that can be exploited to alter airplane telemetry (Source: Adobe Stock)

The complete article is published in the December issue of the CAN Newsletter magazine 2019. This is just an excerpt.

The Rapid7 cybersecurity company detected this CAN security case. “After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to a small aircraft’s wiring.”

The article describes some details of the findings in the two aircrafts. In the first aircraft 11-bit IDs were used and the network in the second aircraft was based on 29-bit IDs. After the description of these cases, a summary is given.

Of course, in military and commercial aviation, the physical access to aircrafts is limited and controlled. Nevertheless, the reported vulnerabilities can be critical in other applications. The researchers from Rapid7 recommend a message authentication protocol. They propose to use CAN FD for this purpose, because there is sufficient payload available.

If you want to continue reading this article, you can download the PDF. Or you download the full magazine. This is free-of-charge.


Publish date