Captain Mike Blythe stands in the cockpit of British Airways' new Airbus A380 after its inaugural arrival to Washington Dulles International Airport in Dulles, Virginia, Oct., 2, 2014. The A380 is the world's largest passenger aircraft, and for the first time customers will be able to experience the service between Washington D.C. and London. File Photo by Molly Riley/UPI. | License Photo
WASHINGTON, April 15 (UPI) -- The U.S. Government Accountability Office said the FAA needs to step up its cybersecurity efforts, after determining WiFi-equipped commercial aircrafts are vulnerable to hackers, who could access the cockpit communications and navigations systems.
Security officials told the GOA it's possible for hackers to command the aircraft, put a virus into the onboard computer system and take control of the aircraft. While the report doesn't suggest it would be easy to do or there is an immediate threat, it outlines worst-case scenarios for airline travelers.
"For example, the presence of personal smart phones and tablets in the cockpit increases the risk of a system's being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems," the report said.
Gerald Dillingham, an author of the report, told CNN planes including the Boeing 787 Dreamliner and the Airbus A350 and A380 have advanced cockpits that use the same WiFi system as the passengers use.
The report, requested by the House Transportation and Infrastructure Committee, highlights the connectivity between the cockpit and the passenger cabin through shared IP networks. Although there are firewalls, they are not infallible.
"Four cybersecurity experts with whom we spoke discussed firewall vulnerabilities, and all four said that because firewalls are software components, they could be hacked like any other software and circumvented," the report said.
Rep. Peter DeFazio, D-Oregon, told CNN, "This report exposed a real and serious threat -- cyberattacks on an aircraft in flight."
The report recommends the FAA make several changes to reduce the possibility of an inflight cyberattack, including optimizing network security by identifying all possible vulnerabilities and including the FAA's Aviation Safety Office as a member of the Cyber Security Steering Committee.