WASHINGTON – Airliner controls are vulnerable to hacking by passengers using Wi-Fi aboard the plane, according to a Government Accountability Office report Tuesday.
Four security experts told GAO that if the wi-fi system shares the same wiring harness or router as the plane’s avionics system, which guides and controls the aircraft, a passenger could gain access to the avionics.
A Federal Aviation Administration official told GAO that additional security measures aboard the plane could strengthen the system.
Rep. Peter DeFazio of Oregon, the top Democrat on the House Transportation Committee, said the “report exposed a real and serious threat.”
“FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system,” DeFazio said.
Keith Washington, acting assistant secretary of Transportation for administration, replied to GAO that the FAA is vigilant against disruption. FAA created an executive cybersecurity steering committee in November 2013 to develop comprehensive strategy for identifying and correcting vulnerabilities.
“We take this risk very seriously,” Washington said.
Aircraft avionics were historically isolated and protected from remote attack. But the advent of broadband services offering Wi-Fi for passengers also opened the door to cyber threats.
One cybersecurity expert told GAO that a virus planted in websites visited by passengers could allow an attacker to access the on-board computer system through infected machines. Five experts said smartphones and tablets in the cockpit increases the risk of the electronics being infected by a crew member.
Although FAA’s certification standards don’t currently address cybersecurity, the agency can issue special conditions to deal with risks. For example, special conditions apply to computer connectivity in the latest Boeing 787 and Airbus A350 models to prevent unauthorized access.
http://www.usatoday.com/story/news/2015/04/14/gao-airline-cybersecurity-hacking/25786491/