Can the CAN bus fly - Risks of CAN bus networks within avionics systems

BSidesLV 2019

Presented by: Patrick Kiley
Date: Tuesday August 06, 2019
Time: 12:00 - 12:25
Location: I Am The Cavalry

There has been a lot of discussion around the security risks associated with CAN bus systems in cars, but this risky technology is also being deployed widely in all sorts of transport systems.

After performing a thorough investigation on two commercially available avionics systems, Patrick will show how it is possible for a malicious individual to send false data to these systems, given some level of prior physical access to an aircraft’s wiring. Such an attacker could attach a device to an avionics CAN bus that could be used to inject false measurements that would then be displayed to the pilot.

A pilot relying on these instrument readings would not be able to tell the difference between false data and legitimate readings, and this could result in an emergency landing or a catastrophic loss of control of an affected aircraft.

This talk will show that any network system that does not include message integrity can be subject to attack. This talk is not meant to attack CAN bus, but is intended to show that systems that are involved in life‐safety should have additional controls to prevent spoofing attacks such as those presented in this talk.

Patrick Kiley

Patrick Kiley is a security consultant and researcher with a strong interest in transport and critical infrastructure systems. His more than 18 years of information security experience includes working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick has spent many years researching transportation systems, and he is currently building an experimental aircraft in his garage. Patrick was one of the first people to receive the Advanced Penetration Testing and Exploit development (GXPN) certifications from SANS and also holds GPEN, GAWN, GCIH, CISSP, MCSE certifications, and a pilot’s license.

