13:48 GMT13 June 2021
Listen Live
    News
    Get short URL
    0 42
    Subscribe

    The same technology the United States aviation industry has used to modernize flights could also allow hackers to hijack a plane by tapping into its WiFi, a new report by a government watchdog group says.

    As airlines update their systems with Internet-based networks, it is not uncommon for the cockpit avionics system that controls the plane to share a network with the cabin system that lets passengers use their smartphones, tablets or laptops during the flight.

    Cybersecurity experts whose findings were published in a report by the US Government Accountability Office said passengers could use those devices to hack the firewall and access the cockpit from the cabin.

    "According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors," the report states.

    There is also the potential for remote hackers to infiltrate the IP network and install malware on passenger’s device without their knowledge.

    "One cybersecurity expert noted that a virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines," the report states.

    Chris Roberts, founder of OneWorld Labs, a Colorado based cyber security intelligence firm, told FoxNews.com that vulnerabilities exist within the in-flight entertainment systems.

    "We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems," said Roberts. "Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit."

    However, some experts strongly disagree with this assessment, including Dr. Phil Polstra, a pilot and professor of digital forensics at Bloomberg University.

    "To imply that because IP is used for in-flight WiFi and also on the avionics networks means that you can automatically take over the avionics network makes about as much sense as saying you can take over the jet engines because they breath air like the passengers and there is no air gap between passengers who touch the plane and the engines which are attached to the plane."

    The GAO says that while the Federal Aviation Administration is "taking steps" to improve, there is more that can be done to protect airlines from cyber threats, including adopting an agency-wide approach to cybersecurity.

    "All 15 of our cybersecurity and aviation experts agreed that organizational clarity regarding roles, responsibilities, and accountability is key to ensuring cybersecurity across the organization," the report states.

    Tags:
    cyber attack, cybersecurity, US Government Accountability Office (GAO), US Federal Aviation Administration, US
    Community standardsDiscussion