Hackers could use in-flight Wi-Fi networks to attack passengers’ personal electronic devices or even to gain remote access to the airplane’s avionics. In the past, avionics systems were isolated and self-contained, but modern airplanes are connected to IP networks. “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” according to the report. Although firewalls are in place to protect avionics systems, firewalls are essentially just software that can be hacked as easily as anything else. If cockpit avionics systems and cabin Wi-Fi share the same physical wiring or router and use the same IP, a passenger could bypass firewalls and access the cockpit avionics system from the cabin.
The report further speculated that attackers could install malware on passengers’ personal devices without their knowledge, which could later “provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines.”
The GAO summarized cybersecurity challenges in the following areas: protecting air-traffic control systems, protecting aircraft avionics used to operate and guide aircraft, and clarifying cybersecurity roles and responsibilities among multiple FAA offices. So far, the FAA has taken several steps to address these challenges, but the GAO recommends restructuring cybersecurity teams and putting even more focus on preventing malicious attacks in the future.
Source: Wired UK | GAO | Photo by lwpkommunikacio 
