The same Internet access now available on most commercial flights makes it possible for hackers to bring down a plane, a government watchdog warned Tuesday.
The finding by the Government Accountability Office presents chilling new scenarios for passengers. The report doesn't suggest it would be easy to do, or very likely. But it points out that as airlines and the Federal Aviation Administration attempt to modernize planes and flight tracking with Internet-based technology, attackers have a new vulnerability they could exploit.
The avionics in a cockpit operate as a self-contained unit and aren't connected to the same system used by passengers to watch movies or work on their laptops. But as airlines update their systems with Internet-based networks, it's not uncommon for Wi-Fi systems to share routers or internal wiring.
According to the report, FAA and cybersecurity experts told investigators that airlines are relying on "firewalls" to create barriers. But because firewalls are software, they could be hacked.
"According to cybersecurity experts we interviewed, Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors," the report states.
Chris Roberts, founder of OneWorld Labs, a Colorado-based cybersecurity intelligence firm, told FoxNews.com that vulnerabilities exist within the in-flight entertainment systems.
“We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems,” said Roberts, who discovered susceptibilities in the system passengers use to watch television at their seats and is sharing his findings with the federal government. “Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit.”
While commercial planes are potential targets, business, private and military aircraft also are at risk, according to another aviation security analyst who shared his findings with FoxNews.com.
“I discovered a backdoor that allowed me to gain privileged access to the Satellite Data Unit, the most important piece of SATCOM (Satellite communications) equipment on aircraft,” said Ruben Santamarta, principal security consultant for IOActive. “These vulnerabilities allowed unauthenticated users to hack into the SATCOM equipment when it is accessible through WiFi or In-Flight entertainment networks.”
The theoretical vulnerabilities exist within the in-flight entertainment systems on both the Panasonic and Thales installations, the two main providers of these systems, across a wide variety of planes, Roberts said. The systems can be breached wirelessly, and, once in, a clever hacker can gain access to other areas of the plane’s network, Roberts said.
“Worst case would likely be the ability to access the avionics systems, monitor and possibly influence the control interfaces and other critical flight environments typically found on the private plane subnet,” giving the hacker the ability “to intercept and possibly modify the packets of data being sent from the controls to the actuators using readily available software,” Roberts said.
The GAO released a separate report last March that determined the FAA's system for guiding planes and other aircraft also was at "increased and unnecessary risk" of being hacked.
One area of weakness is the ability to prevent and detect unauthorized access to the vast network of computer and communications systems the FAA uses to process and track flights around the world, the report said. The FAA relies on more than 100 of these air traffic systems to direct planes.
A worst-case scenario is that a terrorist with a laptop would sit among the passengers and take control of the airplane using its passenger Wi-Fi, said Rep. Peter DeFazio, D-Ore., a member of the House Transportation and Infrastructure Committee who requested the investigation.
"That's a serious vulnerability, and FAA should work quickly" to fix the problem, DeFazio said.
Fox News' Malia Zimmerman and The Associated Press contributed to this report.