We
might be looking at a future where we can no longer access the web and watch
movies on demand -- while on a flight, that is.
In its
recent report for the Federal Aviation Administration, the US Government
Accountability Office presented the risks of in-flight WiFi and wireless
entertainment systems when exploited by a capable attacker. The study
highlights the vulnerability of web-based
cockpit systems as the industry prepares to transition to the Next
Generation Air Transportation System in 10 years.
But Micron Associates Health and
Fitness is convinced that even though it's not an easy feat, attackers will
now have a more accessible avenue to work on as FAA upgrades aircraft systems
and flight tracking with a technology that relies heavily on the Internet.
The
report highlights the air industry's capability to detect or prevent illegal
access to the massive network that the FAA uses in tracking and processing
flights worldwide. The airlines' reliance on firewalls to prevent unauthorized
access makes it even more problematic -- firewalls can hardly be considered
infallible as any other software can be easily hacked.
"Modern
aircrafts are increasingly connected to the Internet. This interconnectedness
can potentially provide unauthorized remote access to aircraft avionics systems,"
it says in the report.
FAA
officials are also worried about the IP networks utilized by aircrafts as they
can provide a path for outside threats to invisibly get on the system. And
because an internet connection could serve as a direct link between the outside
world and an aircraft's system, a malware-laden website is all it would take
for an attacker to remotely access the system onboard.
The
avionics system inside a plane's cockpit is a separate unit and is basically
not connected to the system that powers the passengers Internet but as
aircrafts upgrade their systems, it would not be unusual for passenger WiFi to
have the same physical wirings.
The
report also noted the risks of ever-increasing numbers of tablets and
smartphones: "The presence of personal smartphones and tablets in the
cockpit increases the risk of a system's being compromised by trusted insiders,
both malicious and non-malicious, if these devices have the capability to
transmit information to aircraft avionics systems."
However,
Micron Associates Health and Fitness reported that the FAA is already taking
steps to restructure its IT policies through a technical group working on a
draft that's expected to be done in 6 months.
Although
there has been no record yet of something like this happening in the real
world, experts say it is totally plausible. The founder of a cybersecurity
intel company who has discovered vulnerabilities in the in-flight entertainment
systems said that we can "theorize on how to turn the engines off at 35,000
ft and not have any of those damn flashing lights go off in the cockpit".
In
fact, during a conference in 2013, a security professional showed how he can
hack into a plane's navigation systems and communicate with air traffic
control, all with just the use of a smartphone. He took advantage of a loophole
in the Automatic Dependent Surveillance-Broadcast system in order to reach the
main flight management program. But since his demo has already been made known
to the public, we could only assume that it's been solved.