US government watchdog says more steps should be taken to prevent unauthorised access to avionic systems
In-flight Wi-Fi could be used by terrorists or other hackers to take control of an aircraft’s avionic systems, US authorities have warned.
The US Government Accountability Office (GAO) says avionic systems that have traditionally been self-contained are now sharing the same network as passenger Wi-Fi, raising the possibility of remote unauthorised access.
The findings were disclosed in a report that was commissioned to review the cybersecurity efforts of the Federal Aviation Authority (FAA) and that included contributions from a number of security experts.
“According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” said the report. “One cybersecurity expert noted that a virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected on-board information system through their infected machines.
“Firewalls protect avionics systems located in the cockpit from intrusion by cabin system users, such as passengers who use in-flight entertainment services on board. Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented.
“The experts said that if the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin.”
Because avionic systems had previously been considered immune to outside threats, the FAA’s security processes focused on component failure and ensuring only trusted insiders, such as pilots, had access.
The GAO said the FAA is aware of the new threat and is to adjust its aircraft security measures to mitigate any perceived threat. Experts say that although the threat shouldn’t be underestimated, users should exercise the same caution as if they were using any other type of public Wi-Fi.
“While it is true that firewalls could be potentially bypassed by those with ill intent, we have to remember that aircraft systems are built with safety in mind,” said Jovi Umawing, malware intelligence analyst at Malwarebytes. “These systems, which we deem life- or safety-critical, have redundancies in place to lessen the chances of tragic outcomes should they be compromised. As the GAO report does not clearly elaborate if this new threat via cabin Wi-Fi takes into account such systems, we can’t know for sure if an attack like this would be successful.
“This doesn’t mean that vulnerabilities found in Wi-Fi and aviation systems shouldn’t be taken seriously. Travellers must still adhere to safe computing practices and treat the plane Wi-Fi in the same way they would free public Wi-Fi in a coffee shop. That means avoiding logging into websites containing lots of sensitive information like online banking or social media accounts. Airplane Wi-Fi may be password protected but that doesn’t mean there isn’t someone logged onto the network sniffing around for packets and looking to take advantage of travellers’ trust in the system.”
Air travel has long been considered the final refuge of those wishing to avoid phone calls, text messages and the Internet, but this sanctuary is slowly being eroded as more airlines offer in-flight Wi-Fi.
A number of US carriers and Australia’s Qantas have offered connections for some time, while British Airways is set to offer Internet to passengers through a new S-band satellite called Europsat, which will go live in 2016 with the intent of serving the European aviation market.
Virgin Atlantic already offers high-speed connectivity on some transatlantic flights from Europe after the Branson-branded airline agreed a deal with Gogo late last year.