cyber news

Investigating CAN Bus Network Integrity in Avionics Systems

Investigating CAN Bus Network Integrity in Avionics Systems


Modern aircraft systems are becoming increasingly reliant on networked communications systems to display information to the pilot as well as control various systems aboard aircraft. Small aircraft typically maintain the direct mechanical linkage between the flight controls and the flight surface. However, electronic controls for flaps, trim, engine controls, and autopilot systems are becoming more common. This is similar to how most modern automobiles no longer have a physical connection between the throttle and the actuator that causes the engine to accelerate.

Before digital systems became common within aircraft instrumentation, the gauges and flight instruments would rely on mechanical and simple electrical controls that were directly connected to the source of the data they were displaying to the pilot. For example, the altitude and airspeed indicators would be connected to devices that measure the speed of airflow through a tube as well as the pressure outside the aircraft. In addition, the attitude and directional indicators would be powered by a vacuum source that drove a mechanical gyroscope. The flight surfaces would be directly connected to the pilot’s control stick or yoke—on larger aircraft, this connection would be via a hydraulic interface. Some flight surfaces, such as flaps and trim tabs, would have simple electrical connections that would directly turn motors on and off.

Modern aircraft use a network of electronics to translate signals from the various sensors and place this data onto a network to be interpreted by the appropriate instruments and displayed to the pilot. Together, the physical network, called a “vehicle bus,” and a common communications method called Controller Area Network (CAN) create the “CAN bus,” which serves as the central nervous system of a vehicle using this method. In avionics, these systems provide the foundation of control systems and sensor systems and collect data such as altitude, airspeed, and engine parameters such as fuel level and oil pressure, then display them to the pilot.

After performing a thorough investigation on two commercially available avionics systems, Rapid7 demonstrated that it was possible for a malicious individual to send false data to these systems, given some level of physical access to a small aircraft’s wiring. Such an attacker could attach a device—or co-opt an existing attached device—to an avionics CAN bus in order to inject false measurements and communicate them to the pilot. These false measurements may include the following:

  • Incorrect engine telemetry readings

  • Incorrect compass and attitude data

  • Incorrect altitude, airspeed, and angle of attack (AoA) data

In some cases, unauthenticated commands could also be injected into the CAN bus to enable or disable autopilot or inject false measurements to manipulate the autopilot’s responses. A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, so this could result in an emergency landing or a catastrophic loss of control of an affected aircraft.

While the impact of such an attack could be dire, we want to emphasize that this attack requires physical access, something that is highly regulated and controlled in the aviation sector. While we believe that relying wholly on physical access controls is unwise, such controls do make it much more difficult for an attacker to access the CAN bus and take control of the avionics systems.

Is My Smartphone Listening to Me?


written by: A. Smith
July 25, 2019

If you have an Android device, it is a very capable possibility. The idea in which it is implemented is utilizing a method known formally as Spearphishing. (No, unfortunately, it is not a term referring to the extreme pastime of underwater fishing.)

Spearphishing has a more sinister definition in the tech industry.. If you are unfamiliar with the term or practice, I would highly recommend a quick online search to expand your tech vocabulary. A sixteen-page analysis of findings released on July 12, 2019, by a team of expert researchers from the University of Alabama and Rutgers University, exposed a very real security threat. Through their research and testing, they developed a new 3-pronged attack on the Android OS known as: Spearphone *p2 L13.

The general take-away from reading this technically descriptive analysis simply boils down to understanding that the most mundane features on a phone, such as using voice commands for your search engine or utilizing speakerphone during an important business conversation. Those unassuming practices may expose your personal and confidential data to a cybercriminal or someone with malicious intent. Always be aware of every possibility and have a deep understanding of the importance of cybersecurity to your personal life and business. The question is not if, but when, and whether or not you a worthy target? Do you work for a company in which you retain sensitive work-related data on your phone?

Interesting parting thoughts to ponder.









*This article was solely written for the intent of educational purposes under the Fair Use act. *