Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
LIVE TV DownloadNews18 App
News18 English
News18 » World
3-min read

US Department of Homeland Security Issues Hacking Security Alert for Small Planes

Engine readings, compass data, altitude and other readings "could all be manipulated to provide false measurements to the pilot," according to the DHS alert.

Associated Press

Updated:July 30, 2019, 8:41 PM IST
facebookTwitterskypewhatsapp
US Department of Homeland Security Issues Hacking Security Alert for Small Planes
Representative image.
Loading...

Washington: The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.

An alert from the DHS critical infrastructure computer emergency response team recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by a Boston-based cybersecurity company and reported to the federal government.

Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability.

But a DHS official told The Associated Press that the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning.

The cybersecurity firm, Rapid7, found that an attacker could potentially disrupt electronic messages transmitted across a small plane's network, for example by attaching a small device to its wiring, that would affect aircraft systems.

Engine readings, compass data, altitude and other readings "could all be manipulated to provide false measurements to the pilot," according to the DHS alert.

The warning reflects the fact that aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities.

The Rapid7 report focused only on small aircraft because their systems are easier for researchers to acquire. Large aircraft frequently use more complex systems and must meet additional security requirements. The DHS alert does not apply to older small planes with mechanical control systems.

But Patrick Kiley, Rapid7's lead researcher on the issue, said an attacker could exploit the vulnerability with access to a plane or by bypassing airport security.

"Someone with five minutes and a set of lock picks can gain access (or) there's easily access through the engine compartment," Kiley said.

Jeffrey Troy, president of the Aviation Information Sharing and Analysis Center, an industry organization for cybersecurity information, said there is a need to improve the security in networked operating systems but emphasized that the hack depends on bypassing physical security controls mandated by law.

With access, "you have hundreds of possibilities to disrupt any system or part of an aircraft," Troy said.

The Federal Aviation Administration said in a statement that a scenario where someone has unrestricted physical access is unlikely, but the report is also "an important reminder to remain vigilant" about physical and cybersecurity aircraft procedures.

Aviation cybersecurity has been an issue of growing concern around the world.

In March, the U.S. Department of Transportation's inspector general found that the FAA had "not completed a comprehensive, strategy policy framework to identify and mitigate cybersecurity risks." The FAA agreed and said it would look to have a plan in place by the end of September.

The UN's body for aviation proposed its first strategy for securing civil aviation from hackers that's expected to go before the General Assembly in September, said Pete Cooper, an ex-Royal Air Force fast jet pilot and cyber operations officer who advises the aviation industry.

The vulnerability disclosure report is the product of nearly two years of work by Rapid7. After their researchers assessed the flaw, the company alerted DHS. Tuesday's DHS alert recommends manufacturers review how they implement these open electronics systems known as "the CAN bus" to limit a hacker's ability to perform such an attack.

The CAN bus functions like a small plane's central nervous system. Targeting it could allow an attacker to stealthily hijack a pilot's instrument readings or even take control of the plane, according to the Rapid7 report obtained by The AP.

"CAN bus is completely insecure," said Chris King, a cybersecurity expert who has worked on vulnerability analysis of large-scale systems.

"It was never designed to be in an adversarial environment, (so there's) no validation" that what the system is being told to do is coming from a legitimate source.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.

Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
To Assembly Elections 2018 Results