Can the CAN bus fly ­Risks of CAN bus networks within avionics systems

Speaker – Patrick Kiley

Synopsis

There has been a lot of discussion around the security risks associated with CAN bus systems in cars, but this risky technology is also being deployed widely in all sorts of transport systems.

After performing a thorough investigation on two commercially available avionics systems, Patrick will show how it is possible for a malicious individual to send false data to these systems, given some level of prior physical access to an aircraft’s wiring. Such an attacker could attach a device to an avionics CAN bus that could be used to inject false measurements that would then be displayed to the pilot.

A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, and this could result in an emergency landing or a catastrophic loss of control of an affected aircraft.

This talk will show that any network system that does not include message integrity can be subject to attack. This talk is not meant to attack CAN bus, but is intended to show that systems that are involved in life‐safety should have additional controls to prevent spoofing attacks such as those presented in this talk.

About the Speaker

Patrick Kiley (GXPN, GPEN, GAWN, GCIH, CISSP, MCSE) has over 15 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). While he was with the NNSA he built the NNSA’s SOC and spent several years working for emergency response and management teams. Patrick has performed research in Avionics security and Internet connected transportation platforms. Patrick has experience in hardware hacking, IoT, Autonomous Vehicles and CAN bus.