US government fears airline Wi-Fi could allow hackers to bring down planes

15 Apr 2015

In a new report issued by the US Government Accountability Office (GAO), the watchdog organisation said it fears that offering Wi-Fi on flights might allow cyber-terrorists to take control of an aircraft and bring it down.

The report has been issued as part of its overview of the Federal Aviation Authority’s (FAA) extensive modernisation programme to bring the latest technology aboard US commercial passenger fleets, while also establishing the regulations that will cater for services, including Wi-Fi onboard aircrafts.

As part of its analysis of the FAA’s plans, the GAO have laid out what it describes as the issues that could arise from a more connected aircraft, particularly the potential for “unauthorised remote access to aircraft avionics systems”.

While the GAO acknowledged that the FAA were working on tightening security to prevent the possibility that someone either on board an aircraft or outside could engage in cyber-terrorism that could bring an aircraft down, it felt that it could do with some improvement, most noticeably the inclusion of the FAA’s Aviation Safety Office (AVS) on all security meetings.

“Not including AVS as a full member could hinder FAA’s efforts to develop a coordinated, holistic, agency-wide approach to cybersecurity,” the report said.

GAO report image

Many options of attack

In the detailed report posted to the GAO’s page, the organisation said that four cybersecurity experts  it consulted said: “because firewalls are software components, they could be hacked like any other software and circumvented”.

The report continued: “The experts said that if the cabin systems connect to the cockpit avionics systems (i.e shares the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin.”

One of these experts suggested that if a passenger were to visit a particular malware-infected website it  “could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines”.

Likewise, a smartphone or tablet left in the cockpit could allow someone trusted by those operating the aircraft to compromise its avionics systems.

Woman using a tablet on aircraft image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com