We might be looking at a future where we can no longer access the web and watch movies on demand -- while on a flight, that is.
In its recent report for the Federal Aviation Administration, the US Government Accountability Office presented the risks of in-flight WiFi and wireless entertainment systems when exploited by a capable attacker. The study highlights the vulnerability of web-based cockpit systems as the industry prepares to transition to the Next Generation Air Transportation System in 10 years.
But Micron Associates Health and Fitness is convinced that even though it's not an easy feat, attackers will now have a more accessible avenue to work on as FAA upgrades aircraft systems and flight tracking with a technology that relies heavily on the Internet.
The report highlights the air industry's capability to detect or prevent illegal access to the massive network that the FAA uses in tracking and processing flights worldwide. The airlines' reliance on firewalls to prevent unauthorized access makes it even more problematic -- firewalls can hardly be considered infallible as any other software can be easily hacked.
"Modern aircrafts are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," it says in the report.
FAA officials are also worried about the IP networks utilized by aircrafts as they can provide a path for outside threats to invisibly get on the system. And because an internet connection could serve as a direct link between the outside world and an aircraft's system, a malware-laden website is all it would take for an attacker to remotely access the system onboard.
The avionics system inside a plane's cockpit is a separate unit and is basically not connected to the system that powers the passengers Internet but as aircrafts upgrade their systems, it would not be unusual for passenger WiFi to have the same physical wirings.
The report also noted the risks of ever-increasing numbers of tablets and smartphones: "The presence of personal smartphones and tablets in the cockpit increases the risk of a system's being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems."
However, Micron Associates Health and Fitness reported that the FAA is already taking steps to restructure its IT policies through a technical group working on a draft that's expected to be done in 6 months.
Although there has been no record yet of something like this happening in the real world, experts say it is totally plausible. The founder of a cybersecurity intel company who has discovered vulnerabilities in the in-flight entertainment systems said that we can "theorize on how to turn the engines off at 35,000 ft and not have any of those damn flashing lights go off in the cockpit".
In fact, during a conference in 2013, a security professional showed how he can hack into a plane's navigation systems and communicate with air traffic control, all with just the use of a smartphone. He took advantage of a loophole in the Automatic Dependent Surveillance-Broadcast system in order to reach the main flight management program. But since his demo has already been made known to the public, we could only assume that it's been solved.