Will a laptop be the next in-flight terror weapon?

Air passengers can now use their electronic devices gate-to-gate, but in-flight Wi-Fi access may make planes vulnerable to hackers armed only with a lowly laptop. A Government Accountability Office (GAO) report this week highlighted this chilling sky-high front for digital terrorists.

A worst-case scenario: A terrorist could sit among fellow passengers and take control of the airplane using its passenger Wi-Fi, said Rep. Peter DeFazio, D-Ore., the member of the House Transportation and Infrastructure Committee who requested the GAO investigation.

“That’s a serious vulnerability, and the FAA should work quickly” to fix the problem, DeFazio said.

Although inflight hacking to bring down a plane would not be easy or very likely, attackers do have a vulnerability they could exploit in newer planes’ internet-based flight tracking and technology.

On-board internet access often uses the same network for passengers and the flight deck, so theoretically almost anything is possible, say the report’s authors. A hacker passenger and the pilot could get into a tug of war over the flight controls if the hacker put a virus into the plane’s computers. Or a hacker could commandeer the aircraft or some of its navigation systems, all despite built-in redundancies designed to allow a pilot to correct or override problems and maintain a heading or flight plan.

As airlines and the Federal Aviation Administration attempt to modernize airplanes and flight tracking with satellite or internet-based technology, hacker opportunities increase. Though plane avionics are stand-alone units and not always connected to the same network passengers use to dial up movies or check their email, the latest model planes are conceived for ultra-connectivity. The Boeing 787 Dreamliner and Airbus A350 and A380 all use internet-based networks and Wi-Fi systems, and they may share routers or physical wiring between cabin and cockpit. Older planes may have an advantage here, though any physical connection (think USB) to a plane’s network could become a doorway for a hacker.

According to the GAO report, FAA and cybersecurity experts revealed to investigators that airlines rely on “firewalls” to create barriers. But since firewalls are only software, they can crumble through hacking.

“According to cybersecurity experts we interviewed, internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors,” the report said.

The GAO’s previous report last March determined the FAA’s Next Generation Air Transportation System for guiding planes and other aircraft also was at “increased and unnecessary risk” of being hacked.

Hackers themselves have declared the FAA’s multibillion dollar NextGen system to be a security risk. They claim NextGen’s GPS-based navigational system components are easy to “spoof” and that terrorists could create false location signals or even ghost planes. But the FAA still uses radar to double check planes’ signals.

The big weakness in the FAA’s guidance system lies in detecting those trying to gain unauthorized access to the vast computer and communications network it relies on to process and track flights around the world, the report said.

In the wake of the report, the FAA agreed to address three key issues: to bolster air-traffic control information systems, to protect aircraft avionics used to operate and guide aircraft, and to clarify cybersecurity roles and responsibilities among the multiple FAA offices.

The Associated Press contributed to this report.