A new report published by the United States Government Accountability Office (GAO) warns that a malicious actor could remotely hack an airliner’s onboard computers using the passenger Wi-Fi network.
Anyone with just a laptop, the report claims, could infect a plane’s computers with malware and/or take control of the airliner’s navigation and warning systems. It goes on to explain that either scenario could allow an attacker to commandeer the plane and jeopardize the safety of the flight.
The GAO report ultimately does not outline how this could be done. It does emphasize the point, however, that hackers could bypass the firewalls that separate the passenger Wi-Fi network from the plane’s avionic systems.
“Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented,” explains the GAO.
The threat of on-board hacking is made worse by smartphones, according to the report: “The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems.”
Boeing, a well-known multinational producer and seller of airplanes, responded to the report by saying that its pilot manual override system would prevent an attacker from commandeering the plane. The corporation first developed this solution in 2008 in response to the Federal Aviation Administration’s concerns about Boeing’s on-board WiFi system, but security experts warned at the time the software firewalls could still be penetrated.
As WIRED notes, it is unclear whether the report’s authors have tested solutions such as Boeing’s or have based their findings on some experts’ view that any solution that does not involve air-gapping a plane’s avionic systems is insufficient and leaves planes exposed to hacks.
In response to the GAO’s findings, the FAA Administrator Michael Huerta has said he has begun working with government security experts to identify needed changes.
“This threat will continue to evolve,” Huerta stated. “It is something that needs to be at the forefront of our thinking.”