The Department of Homeland Security is said to be preparing a “security alert” insisting that small-aircraft systems could be hacked easily. According to an Associated Press report, the DHS is concerned that physical access to aircraft could allow hackers to install hardware to spoof sensor readings that in turn could provide erroneous system or attitude indications.
The DHS’s call to action comes after a report by the cybersecurity company Rapid7, which points out that small aircraft are more likely to have un-hardened CANbus data connections and can be easily broken into. The FAA says that general airport security measures should keep hackers away from aircraft but acknowledged that it would look into the matter later this year.
Patrick Kiley, Rapid7’s lead researcher, told the AP that accessibility is a concern. “Someone with five minutes and a set of lock picks can gain access (or) there’s easily access through the engine compartment,” he said. The firm also points out that commercial and military aircraft are considerably more secure than the typical GA fleet.
Rapid7’s recommendations are in line with years of research on automotive networked systems, which have become far more robust over the years, both for security reasons and to ensure compliance with various federal emissions and safety regulations.