DENVER — The same Wi-Fi access available to passengers on commercial flights could be used by hackers to bring down planes, a government watchdog agency warned Tuesday.
Investigators for the Government Accountability Office (GAO) found that hackers could potentially use the on-flight Wi-Fi network to commandeer aircraft computer systems and jeopardize flights, using just a laptop. The report claims it wouldn’t be easy or likely, but it’s possible.
With many aircraft now adding Wi-Fi access to their flights, GAO warns that this connectivity may compromise flight safety.
“Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems,” the report reads.
The avionics systems in the cockpit are not connected to the same system used by passengers to access the Internet during commercial flights. But with aircraft systems updating to rely on Internet-based technology, there is the possibility that Wi-Fi systems may share IP networks or internal wiring.
These Wi-Fi networks are currently protected by firewalls, but cybersecurity experts told GAO that firewalls, like any other software, can be hacked and circumvented. The report raises other concerns about vulnerability to hacking through USB plugs wired to the airplane’s avionics systems or viruses from websites passengers may access.
“According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report says.
The Federal Aviation Administration does not currently have a certification standard for an airliner’s cybersecurity, but they do have several policies and an executive cybersecurity steering committee established in November 2013.
The GAO report praises the FAA for its work so far in developing policies to address an aircraft’s cybersecurity, but says there is a need for the FAA to develop “a coordinated, holistic, agency-wide approach” to account for these vulnerabilities.