WASHINGTON (Reuters) - U.S. commercial airliners could be hacked in flight by passengers using a plane’s wireless entertainment system to access its flight controls, a federal watchdog agency warned on Tuesday.
A new report from the U.S. Government Accountability Office identified the danger as one of several emerging cybersecurity weaknesses that the Federal Aviation Administration must address as the air traffic control systems move toward next generation technology.
“Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.
FAA Administrator Michael Huerta concurred with the GAO’s findings and said the aviation regulator has begun working with government security experts including the National Security Agency to identify needed changes.
“This threat will continue to evolve and it is something that needs to be at the forefront of our thinking,” he told a Senate oversight panel.
GAO investigators spoke to cybersecurity experts who said onboard firewalls intended to protect avionics from hackers could be breached if flight control and entertainment systems use the same wiring and routers.
One cybersecurity expert told investigators that “a virus or malware” planted on websites visited by passengers could provide an opportunity for a malicious attack.
Lawmakers in Congress called on FAA to act.
“This report exposed a real and serious threat - cyberattacks on an aircraft in flight,” said U.S. Representative Peter DeFazio, ranking Democrat on the House Transportation and Infrastructure Committee.
“FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”
Reporting by David Morgan; Editing by Jonathan Oatis and Steve Orlofsky