Hundreds of planes flying commercially today could be vulnerable to having their onboard computers hacked and remotely taken over by someone using the plane’s passenger WiFi network, or even by someone on the ground, according to a new report from the Government Accountability Office.
One of the authors of the report, Gerald Dillingham, told CNN the planes, include the Boeing 787 Dreamliner, the the Airbus A350 and A380 aircraft and have advanced cockpits that are wired into the same WiFi system used by passengers.
“Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems,” according to the report, which is based on interviews with cybersecurity and aviation experts.
The government investigators who wrote the report say it is theoretically possible for someone with just a laptop to:
— Commandeer the aircraft
— Put a virus into flight-control computers
— Jeopardize the safety of the flight by taking control of computers
— Take over the warning systems or even navigation systems
The report explains as the air traffic control system is upgraded to use Internet-based technology on both the ground and in planes, avionics could be compromised . Older planes systems aren’t highly Internet-based so the risk for aircraft 20 years and older is less.
The GAO report does not draw a roadmap on how this could be done, but it does say someone would have to bypass the firewall that separates the WiFi from the rest of the plane’s electronics.
GAO Investigators say they spoke with four cybersecurity experts about the firewall vulnerabilities, “and all four said that because firewalls are software components, they could be hacked like any other software and circumvented. ”
Commercial pilot John Barton told CNN, “We’ve had hackers get into the Pentagon. So getting into an airplane computer system I would think is probably quite easy at this point.”