There has been a lot of discussion around the security risks associated with CAN bus systems in cars, but this risky technology is also being deployed widely in all sorts of transport systems.
After performing a thorough investigation on two commercially available avionics systems, Patrick will show how it is possible for a malicious individual to send false data to these systems, given some level of prior physical access to an aircraft's wiring. Such an attacker could attach a device to an avionics CAN bus that could be used to inject false measurements that would then be displayed to the pilot.
A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, and this could result in an emergency landing or a catastrophic loss of control of an affected aircraft.
This talk will show that any network system that does not include message integrity can be subject to attack. This talk is not meant to attack CAN bus, but is intended to show that systems that are involved in life‐safety should have additional controls to prevent spoofing attacks such as those presented in this talk.