US issues hacking security alert for small planes
WASHINGTON (AP) — The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.
An alert from the DHS critical infrastructure computer emergency response tea m recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by a Boston-based cybersecurity company and reported to the federal government.
Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability. But a DHS official told The Associated Press that the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning.
The cybersecurity firm, Rapid7, found that an attacker could potentially disrupt electronic messages transmitted across a small plane's network, for example by attaching a small device to its wiring, that would affect aircraft systems.
Engine readings, compass data, altitude and other readings "could all be manipulated to provide false measurements to the pilot," according to the DHS alert.
But Patrick Kiley, Rapid7's lead researcher on the issue, said an attacker could exploit the vulnerability with access to a plane or by bypassing airport security.
"Someone with five minutes and a set of lock picks can gain access (or) there's easily access through the engine compartment," Kiley said.
More at:
https://www.seattlepi.com/business/technology/article/APNewsBreak-US-issues-hacking-alert-for-small-14245495.php