Maybe it appears to be fear mongering and the potential is extreme, but Wi-Fi available on commercial flights could end up hacked with the attacker taking control of the airplane, a government watchdog said.
The Government Accountability Office (GAO) presented a potential scenario for airlines — while not easy to hack into or very likely – to step all security measures.
As airlines and the Federal Aviation Administration attempt to modernize planes and flight tracking with Internet-based technology, attackers have a new vulnerability they could exploit.
Avionics in a cockpit operate as a self-contained unit and do not connect to the same system used by passengers to watch movies or work on their laptops. But as airlines update their systems with Internet-based networks, it’s not uncommon for Wi-Fi systems to share routers or internal wiring.
According to the report, FAA and cybersecurity experts told investigators that airlines are relying on firewalls to create barriers. But because firewalls are software, they are hackable.
“According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.
Chris Roberts, founder of OneWorld Labs, a Colorado based cyber security intelligence firm, said vulnerabilities exist within the in-flight entertainment systems.
“We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems,” said Roberts, who discovered susceptibilities in the system passengers use to watch television at their seats and is sharing his findings with the federal government. “Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”
Theoretical vulnerabilities exist within the In Flight Entertainment systems on the Panasonic and Thales installations, the two main providers of these systems, across a wide variety of planes, Roberts said. The systems can end up breached wirelessly, and, once in, a clever hacker can gain access into other areas of the plane’s network, Roberts said.
The GAO released a separate report last March that determined the FAA’s system for guiding planes and other aircraft also was at “increased and unnecessary risk” of suffering from a hack attack.