US commercial airliners could be hacked in-flight by passengers using a plane’s wireless entertainment system to access its flight controls, a federal watchdog agency warned.
A new report from the US Government Accountability Office (GAO) identified the danger as one of several emerging cybersecurity weaknesses that the Federal Aviation Administration (FAA) must address as air traffic control systems move toward next generation technology.
“Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.
FAA administrator Michael Huerta concurred with the GAO's findings and said the aviation regulator has begun working with government security experts, including the National Security Agency, to identify changes needed.
“This threat will continue to evolve and it is something that needs to be at the forefront of our thinking,” Mr Huerta told a US senate oversight panel.
Breach of firewalls
GAO investigators spoke to cybersecurity experts who said onboard firewalls intended to protect avionics from hackers could be breached if flight control and entertainment systems used the same wiring and routers.
One cybersecurity expert told investigators that “a virus or malware” planted on websites visited by passengers could provide an opportunity for a malicious attack.
Lawmakers in Congress called on the FAA to act on the results of the report.
“This report exposed a real and serious threat - cyberattacks on an aircraft in-flight,” said US representative Peter DeFazio, ranking Democrat on the House transportation and infrastructure committee.
“FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”
Reuters