VansAirForceForums  
Home > VansAirForceForums

- POSTING RULES
- Donate yearly (please).
- Advertise in here!

- Today's Posts | Insert Pics

  #1  
Old 07-30-2019, 04:02 PM
rjtjrt rjtjrt is offline
 
Join Date: Mar 2006
Location: Australia
Posts: 744
Default CAN Bus Can Be Hacked

Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes
Reply With Quote
  #2  
Old 07-30-2019, 04:10 PM
GalinHdz's Avatar
GalinHdz GalinHdz is offline
 
Join Date: Mar 2010
Location: KSGJ / TJBQ
Posts: 1,760
Default

Quote:
Originally Posted by rjtjrt View Post
Report CAN Bus is insecure to hacking.

https://www.stuff.co.nz/travel/trave...r-small-planes
But DHS specifically states they must have "unsupervised physical access to the airplane". Not sure about you, but I know if anybody else is in my airplane wih me.
__________________
Galin
CP-ASEL-AMEL-IR
FCC Radiotelephone (PG) with Radar Endorsement
2019 Dues Paid
www.PuertoRicoFlyer.com
Reply With Quote
  #3  
Old 07-30-2019, 04:11 PM
jacoby jacoby is offline
 
Join Date: Jul 2018
Location: WNC
Posts: 169
Default

First rule of security: if someone has physical access, all other rules are void.

IMHO, this really isn't much different than someone going in and futzing with your analog gauge calibration or disconnecting an antenna or loosening a control, etc.

Now if this could be exploited without touching the CAN bus wiring, that would be a whole new world of problems.
Reply With Quote
  #4  
Old 07-30-2019, 04:43 PM
dreed dreed is offline
 
Join Date: Nov 2016
Location: Camas, WA
Posts: 236
Default

I work in an industry that is heavily involved with the transportation industry (lots of big trucks/Mil/etc.)

All of the major truck manufactures are moving to a read only data bus/Can bus for ancillary devices for the same reasons and concerns.

https://www.trucks.com/2016/08/11/tr...yber-security/
__________________
Dan Reed
Camas, WA
RV-7A - Slider in progress - N167DR (reserved)
Working on cowl
2018 and 2019 VAF dues paid
Reply With Quote
  #5  
Old 07-30-2019, 04:56 PM
BrianDC's Avatar
BrianDC BrianDC is offline
 
Join Date: Mar 2016
Location: Northern VA
Posts: 217
Default

This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.

It would be much easier for someone to attack the ADSB system, jam GPS, mess with the ILS or any of a number of other things.
__________________
Brian Lester
RV10 - #41778
Empennage - Done (for now)
Wings - Done (for now)
Fuselage - in progress
RV10builder.com
KVKX / KHEF
Reply With Quote
  #6  
Old 07-30-2019, 05:35 PM
Lemmingman's Avatar
Lemmingman Lemmingman is offline
 
Join Date: Jun 2010
Location: McKinney, TX
Posts: 685
Default

Quote:
Originally Posted by BrianDC View Post
This is not news, just someone applying what has been done in the Auto world to aviation. Wired did a piece on what someone could do if they had access to the CAN bus in Autos back in 2015 (Hint, this still required physical access in the first place):
https://www.wired.com/2015/07/hacker...-jeep-highway/

As others and even DHS have said, physical access is required. Do you realize that hackers could even hack your laptop if they got physical access to it? Seriously, this is a just silly.
The risk, as far as I can tell is pretty low for this particular use case. Brian is right, this has been done before but is probably a good notice for us in the experimental GA world to understand that the risk, though small, does exist.

Someone doesn't have to be doing something nefarious for this to manifest itself. The basic idea is that communication on the bus is not validated in any way that it originates from a trusted source.

Fly IFR with components meant for that task. Fly VFR with eyes outside.
__________________
Gil Brice
McKinney, TX EAA-1246
RV7 - Working on fuse, fuel, brakes etc...
Reply With Quote
  #7  
Old 07-30-2019, 06:06 PM
Brantel's Avatar
Brantel Brantel is offline
 
Join Date: Mar 2006
Location: Newport, TN
Posts: 7,441
Default

Same could be said of basically all the systems in GA aircraft.
__________________
Brantel (Brian Chesteen),
Check out my RV-10 builder's BLOG
RV-10, #41942, N?????, Working on Emp/Tail Cone
---------------------------------------------------------------------
RV-7/TU, #72823, N159SB
Lyc. O-360 carbed, HARTZELL BA CS Prop, Dual P-MAGs, Dual Garmin G3X Touch
Track N159SB (KK4LIF)
Like EAA Chapter 1494 on Facebook
Reply With Quote
  #8  
Old 07-30-2019, 06:06 PM
Thermos's Avatar
Thermos Thermos is offline
 
Join Date: Jan 2005
Location: KASH
Posts: 428
Default

In career #1 I was one of those people who sat around hypothesizing how a bad actor would get into safety-critical aerospace systems. It's a good way to drive yourself nuts.

I'll sleep tight tonight knowing that I'm just one person among millions using CAN bus, and if somebody really wants to mess with me there are far more time- and cost-effective ways than hacking my airplane's avionics.

ds
__________________
Dave Setser
RV-7 skin, bones, muscle, heart and nervous system complete...down to the last 10 percent
Nashua, NH (KASH)
Putting the "slow" in slow-build since 2004!

Last edited by Thermos : 07-30-2019 at 06:15 PM.
Reply With Quote
  #9  
Old 07-30-2019, 10:30 PM
DaleB's Avatar
DaleB DaleB is offline
 
Join Date: Sep 2012
Location: Omaha, NE (KMLE)
Posts: 2,121
Default

Wow. Good thing we donít use anything even less secure. You know, like USB or even RS232 serial.

Now I need an ibuprofen. My eyes rolled so hard it made my head hurt.
__________________
Dale

Omaha, NE
RV-12 # 222 N980KM "Screamin' Canary" (bought flying)
Fisher Celebrity (under construction)
Previous RV-7 project (sold)
Reply With Quote
  #10  
Old 07-31-2019, 12:26 AM
rv8ch rv8ch is offline
 
Join Date: Feb 2005
Location: LSGG
Posts: 2,520
Default physical security

Everyone is right - once you give physical access, all bets are off. But still, there are lots of ways that the CAN bus can and should be improved. Reminds me of the early days of ethernet and brokenring - plug something into the network and you could do anything.

Lots of scenarios I can think of that can be exploited with bad CAN security - rogue actor plugging something into the bus during maintenance, innocent actor plugging nefarious device in, etc.
__________________
Mickey Coggins
http://rv8.ch
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 06:39 AM.


The VAFForums come to you courtesy Delta Romeo, LLC. By viewing and participating in them you agree to build your plane using standardized methods and practices and to fly it safely and in accordance with the laws governing the country you are located in.