Report's Bold Claim: Hackers Could Potentially Take Over a Plane

PLANE2
According to one security consultant, the real concern is the satellite communication equipment—how a plane connects digitally with the outside world. Valentyn Ogirenko/Reuters

Hundreds of commercial planes are vulnerable to being taken over by hackers, as the cockpit and passengers' Wi-Fi connect to a single network, says a new Government Accountability Office (GAO) report released on Tuesday.

Someone with a laptop in the cabin, or even on the ground, could potentially access the aircraft's avionics system, Gerald Dillingham, one of the report's writers, told NPR. He added in an interview with CNN that the planes open to attack include the Boeing 787 Dreamliner, the Airbus A350 and A380 aircrafts. Older planes have separate networks, which removes a layer of vulnerability.

The authors also told CNN that a hacker could potentially "commandeer the aircraft, put a virus into flight control computers, jeopardize the safety of the flight by taking control of computers, and take over the warning systems or even navigation systems."

While the GAO report does not explain how these attacks could be carried out, Ruben Santamarta, principal security consultant for IOActive, a security advising company admits that some of the attack scenarios are feasible.

He adds that the ability for a hacker to cross the red line between passenger Wi-Fi and aircraft control depends heavily on the specific hardware, software and configuration of each aircraft.

But even if these Wi-Fi systems are segregated, the plane is not safe from being hacked.

Santamarta believes the real concern is the satellite communication equipment (SATCOM)—how a plane connects digitally with the outside world—which feed the passenger's entertainment services and personal Internet, as well as airline information services and the aircraft control. The SATCOM equipment has to provide Internet access for passengers, as well as air-to-ground communications for avionics.

"As long as there is a physical path that connects both [passengers and aircraft control], we can't discard a potential attack," he says.

While firewalls exist between passenger-accessible systems and the plane's avionics, those are also susceptible to being breached.

"Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented," the report says.

"Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors."

The Federal Aviation Administration is taking steps to improve its cybersecurity policies. "A working group expects to complete a draft by September 2015 that reflects the restructuring of IT infrastructure," the report says.