VansAirForceForums  
Home > VansAirForceForums

-POSTING RULES
-Advertise in here!
- Today's Posts | Insert Pics

Keep VAF Going
Donate methods

Point your
camera app here
to donate fast.

  #1  
Old 07-30-2019, 04:02 PM
rjtjrt rjtjrt is offline
 
Join Date: Mar 2006
Location: Australia
Posts: 802
Default CAN Bus Can Be Hacked

Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes
Reply With Quote
  #2  
Old 07-30-2019, 04:10 PM
GalinHdz's Avatar
GalinHdz GalinHdz is offline
 
Join Date: Mar 2010
Location: KSGJ / TJBQ
Posts: 2,347
Default

Quote:
Originally Posted by rjtjrt View Post
Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes
But DHS specifically states they must have "unsupervised physical access to the airplane". Not sure about you, but I know if anybody else is in my airplane wih me.
__________________
Galin
CP-ASEL-AMEL-IR
FCC Radiotelephone (PG) with Radar Endorsement
2022 Donation made
www.PuertoRicoFlyer.com
Reply With Quote
  #3  
Old 07-30-2019, 04:11 PM
jacoby jacoby is offline
 
Join Date: Jul 2018
Location: WNC
Posts: 335
Default

First rule of security: if someone has physical access, all other rules are void.

IMHO, this really isn't much different than someone going in and futzing with your analog gauge calibration or disconnecting an antenna or loosening a control, etc.

Now if this could be exploited without touching the CAN bus wiring, that would be a whole new world of problems.
Reply With Quote
  #4  
Old 07-30-2019, 04:43 PM
dreed dreed is offline
 
Join Date: Nov 2016
Location: Camas, WA
Posts: 530
Default

I work in an industry that is heavily involved with the transportation industry (lots of big trucks/Mil/etc.)

All of the major truck manufactures are moving to a read only data bus/Can bus for ancillary devices for the same reasons and concerns.

https://www.trucks.com/2016/08/11/tr...yber-security/
__________________
Dan Reed
Camas, WA
RV-7A - N167DR

2018/19/20/21 VAF dues paid
Reply With Quote
  #5  
Old 07-30-2019, 04:56 PM
BrianDC's Avatar
BrianDC BrianDC is offline
 
Join Date: Mar 2016
Location: Northern VA
Posts: 293
Default

This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.

It would be much easier for someone to attack the ADSB system, jam GPS, mess with the ILS or any of a number of other things.
__________________
Brian Lester
RV10 Slow Build - #41778
Finish Kit - in progress
RV10builder.com
KVKX / KHEF
Reply With Quote
  #6  
Old 07-30-2019, 05:35 PM
Lemmingman's Avatar
Lemmingman Lemmingman is offline
 
Join Date: Jun 2010
Location: McKinney, TX
Posts: 689
Default

Quote:
Originally Posted by BrianDC View Post
This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.
The risk, as far as I can tell is pretty low for this particular use case. Brian is right, this has been done before but is probably a good notice for us in the experimental GA world to understand that the risk, though small, does exist.

Someone doesn't have to be doing something nefarious for this to manifest itself. The basic idea is that communication on the bus is not validated in any way that it originates from a trusted source.

Fly IFR with components meant for that task. Fly VFR with eyes outside.
__________________
Gil Brice
McKinney, TX EAA-1246
RV7 - Working on fuse, fuel, brakes etc...
Reply With Quote
  #7  
Old 07-30-2019, 06:06 PM
Brantel's Avatar
Brantel Brantel is offline
 
Join Date: Mar 2006
Location: Newport, TN
Posts: 7,514
Default

Same could be said of basically all the systems in GA aircraft.
__________________
Brantel (Brian Chesteen),
Check out my RV-10 builder's BLOG
RV-10, #41942, N?????, Project Sold
---------------------------------------------------------------------
RV-7/TU, #72823, N159SB
Lyc. O-360 carbed, HARTZELL BA CS Prop, Dual P-MAGs, Dual Garmin G3X Touch
Track N159SB (KK4LIF)
Like EAA Chapter 1494 on Facebook
Reply With Quote
  #8  
Old 07-30-2019, 06:06 PM
Thermos's Avatar
Thermos Thermos is offline
 
Join Date: Jan 2005
Location: KASH
Posts: 633
Default

In career #1 I was one of those people who sat around hypothesizing how a bad actor would get into safety-critical aerospace systems. It's a good way to drive yourself nuts.

I'll sleep tight tonight knowing that I'm just one person among millions using CAN bus, and if somebody really wants to mess with me there are far more time- and cost-effective ways than hacking my airplane's avionics.

ds
__________________
Dave Setser
CFII/MEI, Consultant DER
EAA Technical Counselor/Flight Advisor
RV-7 N701ED Flying!
Nashua, NH (KASH) / Plymouth, NH (1P1)

Last edited by Thermos : 07-30-2019 at 06:15 PM.
Reply With Quote
  #9  
Old 07-30-2019, 10:30 PM
DaleB's Avatar
DaleB DaleB is offline
 
Join Date: Sep 2012
Location: Omaha, NE (KMLE)
Posts: 2,356
Default

Wow. Good thing we don?t use anything even less secure. You know, like USB or even RS232 serial.

Now I need an ibuprofen. My eyes rolled so hard it made my head hurt.
__________________
Dale

Omaha, NE
RV-12 # 222 N980KM "Screamin' Canary" (bought flying)
Fisher Celebrity (under construction)
Previous RV-7 project (sold)
Reply With Quote
  #10  
Old 07-31-2019, 12:26 AM
rv8ch's Avatar
rv8ch rv8ch is offline
 
Join Date: Feb 2005
Location: LSGY
Posts: 4,773
Default physical security

Everyone is right - once you give physical access, all bets are off. But still, there are lots of ways that the CAN bus can and should be improved. Reminds me of the early days of ethernet and brokenring - plug something into the network and you could do anything.

Lots of scenarios I can think of that can be exploited with bad CAN security - rogue actor plugging something into the bus during maintenance, innocent actor plugging nefarious device in, etc.
__________________
Mickey Coggins

http://www.rv8.ch/help-people-in-ukraine/
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 04:28 PM.


The VAFForums come to you courtesy Delta Romeo, LLC. By viewing and participating in them you agree to build your plane using standardized methods and practices and to fly it safely and in accordance with the laws governing the country you are located in.