Airplane Wi-Fi could help terrorists bring down a passenger plane, U.S. authority believes
Wed 15 Apr 2015
A new report from the U.S. Government Accountability Office (GAO) warns that the increased uptake of Wi-Fi provision on aircraft could enable attackers to take control of an airplane – even by so simple a hack as a passenger clicking on a malicious link.
The report [PDF] outlines the possibility of that ‘unauthorized individuals’ could access and compromise avionics systems, with exploits spreading from passenger use of IP availability to potentially penetrate the firewall which ring-fences cockpit connectivity. The report, part of the Federal Aviation Authority’s study into the pros and cons of bringing increased connectivity to passenger flight, says: “the presence of personal smart phones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems,”
Aviation IP connectivity does not have up-to-date legislation or security protocols, since the spread of on-board Wi-Fi is happening faster than the (previously little-connected) aircraft systems were ready for.
GAO consulted with several cybersecurity experts before making its initial recommendations, one of whom advised that web-originated malware or a virus could provide opportunity for an attacker to access on-board information systems via the IP-connected passenger network. “According to cybersecurity experts we interviewed,” the report states “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,”
The GAO recognizes that the Federal Aviation Authority is addressing the potential risks of Wi-Fi connectivity on passenger flights, but recommends that the FFA’s Aviation Safety Office be included as security policy develops.
Regarding cockpit cyber-security, the report states:
“Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented. The experts said that if the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin ,”