Multiplex data buses in vehicles (e.g., automobiles, airplanes, etc.) provide communication among vehicle components and subsystems over a wire. For example, MIL-STD-1553B is a multiplex data bus standard, where a multiplex data bus according to such standard provides real-time communication for remote terminals on the multiplex data bus. Remote terminals, under MIL-STD-1553B, comprise components and subsystems of military and civil aircraft (e.g., avionics components, communications subsystems, etc.). Architecture of multiplex data buses requires that a bus controller initiate communication among the remote terminals on the bus by transmitting, by way of the bus, messages that comprise command words to the remote terminals. Each of the remote terminals receives and parses the messages to determine whether the messages comprise addresses of the remote terminals. Responsive to determining that a message comprises an address of a remote terminal, the addressed remote terminal acts in accordance with the instructions included in the message.
It is possible for the multiplex data bus to become compromised by a rogue terminal attack (e.g., a where a remote terminal is modified or controlled by a malicious actor and acts as a rogue terminal). When a remote terminal attack occurs, a rogue terminal can transmit messages, comprising command words, on the bus. Because remote terminals that listen for messages on the bus do not validate the origin of the messages, the remote terminals receive and parse the messages. When one of the messages includes an address of a remote terminal on the bus, the addressed remote terminal executes instructions in the message. The message could comprise instructions that, when executed by the addressed remote terminal, result in the remote terminal being manipulated (or other remote terminals on the bus being manipulated). Further, the addressed remote terminal, when executing malicious instructions, may overwrite firmware of a bus controller connected to the bus with malicious code.