CAN Bus Can Be Hacked

[rjtjrt]

Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes

[GalinHdz]

Quote:

Originally Posted by rjtjrt

Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes

But DHS specifically states they must have "unsupervised physical access to the airplane". Not sure about you, but I know if anybody else is in my airplane wih me.

[jacoby]

First rule of security: if someone has physical access, all other rules are void.

IMHO, this really isn't much different than someone going in and futzing with your analog gauge calibration or disconnecting an antenna or loosening a control, etc.

Now if this could be exploited without touching the CAN bus wiring, that would be a whole new world of problems.

[dreed]

I work in an industry that is heavily involved with the transportation industry (lots of big trucks/Mil/etc.)

All of the major truck manufactures are moving to a read only data bus/Can bus for ancillary devices for the same reasons and concerns.

https://www.trucks.com/2016/08/11/tr...yber-security/

[BrianDC]

This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.

It would be much easier for someone to attack the ADSB system, jam GPS, mess with the ILS or any of a number of other things.

[Lemmingman]

Quote:

Originally Posted by BrianDC

This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.

The risk, as far as I can tell is pretty low for this particular use case. Brian is right, this has been done before but is probably a good notice for us in the experimental GA world to understand that the risk, though small, does exist.

Someone doesn't have to be doing something nefarious for this to manifest itself. The basic idea is that communication on the bus is not validated in any way that it originates from a trusted source.

Fly IFR with components meant for that task. Fly VFR with eyes outside.

[Brantel]

Same could be said of basically all the systems in GA aircraft.

[Thermos]

In career #1 I was one of those people who sat around hypothesizing how a bad actor would get into safety-critical aerospace systems. It's a good way to drive yourself nuts.

I'll sleep tight tonight knowing that I'm just one person among millions using CAN bus, and if somebody really wants to mess with me there are far more time- and cost-effective ways than hacking my airplane's avionics.

ds

[DaleB]

Wow. Good thing we don?t use anything even less secure. You know, like USB or even RS232 serial.

Now I need an ibuprofen. My eyes rolled so hard it made my head hurt.

[rv8ch]

Everyone is right - once you give physical access, all bets are off. But still, there are lots of ways that the CAN bus can and should be improved. Reminds me of the early days of ethernet and brokenring - plug something into the network and you could do anything.

Lots of scenarios I can think of that can be exploited with bad CAN security - rogue actor plugging something into the bus during maintenance, innocent actor plugging nefarious device in, etc.