Hack a small airplane? Yes, we CAN (bus) – once we physically break into one, get at its wiring, plug in evil kit...

DEF CON An investigation into the computer security of small airplanes, the results of which were made public this week, will be sure to generate some flashy headlines. However, there are important caveats.

The probe in question, carried out by Patrick Kiley, a senior security consultant at Rapid7, shows just how easy it is to hack a small plane. Kiley, an amateur pilot, cracked open the avionics – that's the aircraft's control and navigation systems – from two aircraft manufacturers who specialize in light aircraft, and studied their Controller Area Network (CAN) bus. This electrical bus is used to shuttle data between the onboard computer systems of the aircraft.

Kiley found that, in many cases, small planes use the CAN bus much in the same way that modern cars do. The control systems use the single bus to relay commands to various hardware components and receive readings from sensors.

"Small aircraft typically maintain the direct mechanical linkage between the flight controls and the flight surface. However, electronic controls for flaps, trim, engine controls, and autopilot systems are becoming more common," Kiley noted in his dossier.

"This is similar to how most modern automobiles no longer have a physical connection between the throttle and the actuator that causes the engine to accelerate."

Unlike cars, however, Kiley says there is little in the way of protection from malicious or unauthorized activity on the CAN system for aircraft.

The Rapid7 whitehat was able to tap into the central network of the aircraft and send forged messages to the various control systems. Among the more nefarious tasks he was able to accomplish were changing the altitude and airspeed readings, altering telemetry, disabling or rerouting the autopilot, and changing engine readings.

Sounds scary, but let's consider the threat model here. Obviously, being able to do any of those things on an operational aircraft would be very bad. But we're talking about an attack that requires having direct physical access to the plane and the ability to manipulate its wiring and attach extra hardware, or subvert installed kit. If you have that sort of access there are a thousand other ways to sabotage a plane that don't require hacking. Also, your airplane should be securely locked up at an airport or air field, rather than left out on the street like your car.

"While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector," Kiley noted.

"While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems."

Still, the report is an interesting look into the way modern aircraft navigation and control systems work, and the methods that hackers and tinkerers have to access them. Perhaps not a dire security threat, but an in-depth analysis worth paying attention to.

Those interested in aviation meddling are, however, in for a treat. At next week's hacking summer camp at DEF CON in Las Vegas there will be an entire village devoted to aviation hacking. Kiley and many others will be on hand to show the ins and outs of aircraft hacking. ®