Sign up to our newsletter
Planes offering in-flight Wi-Fi are vulnerable to being hacked and controlled by onboard passengers, a US government watchdog has warned.
A new report published by the Government Accountability Office (GAO) has suggested that the adoption of modern technology onboard commercial flights could put passengers at risk, as Wi-Fi and other internet-reliant services give attackers a new vulnerability to exploit. The nightmare scenario would not be easily achieved, the report admits, but firewalls protecting passengers are not sufficient to guarantee their safety.
As noted by The Guardian, the report identifies a problem whereby cockpit controls and the passenger cabin are connected via a shared IP address, and while the connection is protected with firewalls, this safety net is not infallible.
“Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented,” says the report. “According to cybersecurity experts we interviewed, internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”
According to a report by Business Insider, the Federal Aviation Administration has accepted the report’s findings, while adding that it has been working with government security experts to address the new threats.
It’s worth noting that many airlines do have additional security in place, including Boeing which has a manual override system installed in its planes for the unlikely event of an attempted hijack. UberGizmo also highlights a statement by Airbus, which claims that the airline “constantly assesses and revisits the system architecture of our products, with an eye to establishing and maintaining the highest standards of safety and security.”
Back in August, aircraft security expert Dr Phil Polstra reassured flyers that the skies are safe for now, but added that increased automation and unsecured protocols could prove “problematic” in the future.
Author Kyle Ellison, ESET