Hackers Could Commandeer New Planes Through Passenger Wi-Fi
Seven years after the Federal Aviation Administration first warned Boeing that its new Dreamliner aircraft had a Wi-Fi design that made it vulnerable to hacking, a new government report suggests the passenger jets might still be vulnerable.
Boeing 787 Dreamliner jets, as well as Airbus A350 and A380 aircraft, have Wi-Fi passenger networks that use the same network as the avionics systems of the planes, raising the possibility that a hacker could hijack the navigation system or commandeer the plane through the in-plane network, according to the US Government Accountability Office, which released a report about the planes today.
A hacker would have to first bypass a firewall that separates the Wi-Fi system from the avionics system. But firewalls are not impenetrable, particularly if they are misconfigured. A better design, security experts have warned for years, is to air gap critical systems from non-critical ones—that is, physically separate the networks so that a hacker on the plane can’t bridge from one to the other, nor can a remote hacker pass malware through the internet connection to the plane’s avionics system. As the report notes, because the Wi-Fi systems in these planes connect to the world outside the plane, it opens the door for malicious actors to also remotely harm the plane’s system.
“A virus or malware planted in websites visited by passengers could provide an opportunity for a malicious attacker to access the IP-connected onboard information system through their infected machines,” according to the report.
Members of the House Transportation and Infrastructure Committee requested the report from the GAO out of growing concern that modern transportation systems, including planes, trains and automobiles, are becoming increasingly computerized and therefore susceptible to some of the same vulnerabilities and attacks that have long plagued desktop and laptop systems.
Boeing responded to the GAO report with a statement saying that a pilot manual override system would prevent someone from successfully commandeering its planes in this way.
This is not the first time the issue of aviation Wi-Fi security has come up for Boeing. In 2008, while Boeing was in the final stages of production on its new Dreamliner line of planes, the Federal Aviation Administration issued a report directing Boeing to address concerns about the passenger Wi-Fi system. The report was a “special conditions” document that the FAA produces whenever it encounters new aircraft designs and technologies that aren’t addressed by existing regulations and standards.
That report was pointing out the same problem that’s getting the company in trouble today. Boeing’s design for the Dreamliner’s Wi-Fi network, the FAA noted in the document, connected it to the plane’s control, navigation and communication systems, thereby establishing “new kinds of passenger connectivity to previously isolated data networks” that are critical to the safe operation of the plane. The FAA called on Boeing at the time to demonstrate that it had resolved this issue before the new line of planes could be put into service.
| Read More |