DHS warns of cyber vulnerability in small aircraft

The Department of Homeland Security’s (DHS) cybersecurity agency issued a security alert on Tuesday warning of a cyber vulnerability in small aircraft that could enable malicious actors to change key readings on the planes.

The alert was issued after cybersecurity group Rapid7 reported to DHS’s Cybersecurity and Infrastructure Security Agency (CISA) that an aircraft’s Controller Area Network (CAN) bus system can be exploited by a cyber attacker if the hacker has physical access to the plane.

CISA warned that the hacker could attach a device to the aircraft’s CAN bus system that could “inject false data,” leading to incorrect readings.

Attackers could manipulate the plane’s altitude, airspeed and angle of attack data, CISA noted, adding that pilots would not be able to “distinguish between false and legitimate readings” and could lose control of the airplane.