In-flight Wi-Fi could potentially open up avionics controls to hackers
The U.S. Government Accountability Office on April 14 released a report detailing the potential for in-flight Wi-Fi networks to be compromised by cyber attacks.
In the 56-page report, the GAO found that connectivity associated with modern aircraft “can potentially provide unauthorized remote access to aircraft avionics systems.”
Connectivity as it applies to aircraft is regulated and monitored by the Federal Aviation Administration’s Office of Safety, and to better address cyber security, the FAA has created a Cyber Security Steering Committee.
Wired reports that particular safety concerns are associated with Boeing’s 787 Dreamliner and the Airbus A350 and A380 models.
From that report, those models “have Wi-Fi passenger networks that use the same network as the avionics systems of the planes, raising the possibility that a hacker could hijack the navigation system or commandeer the plane through the in-plane network.”
While the passenger portion of the network is separated from the avionics side, that configuration isn’t foolproof.
“A virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines,” according the report.
GAO officials wrote: “FAA has taken steps to protect its [air traffic control] systems from cyber-based threats; however, significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.”
“FAA will continue to be challenged in protecting ATC systems because it has not developed a cybersecurity threat model.”
The report recommends the FAA undertake modelling of potential threats, but points out that the FAA “has no plans to produce a [a threat model] and has not assessed the funding or time that would be needed to do so. Without such a model, FAA may not be allocating resources properly to guard against the most significant cybersecurity threats.”
