A report from the U.S. Government Accountability Office (GAO) is warning that domestic commercial airliners could be hacked in-flight by passengers using a plane's wireless entertainment system to access its flight controls.

That is just one of the cybersecurity weakness pointed out by the GAO report, which says that the Federal Aviation Administration (FAA) must address these issues as air traffic control systems continue to evolve with next generation technology.

Report warns aircraft controls could be at risk of hacking over in-flight Wi-Fi connections. Source: Getty istockReport warns aircraft controls could be at risk of hacking over in-flight Wi-Fi connections. Source: Getty istock"Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors," the report is quoted as saying.

One cybersecurity expert said that even "a virus or malware" planted on websites visited by passengers could offer an opportunity for a malicious attack.

The GAO report says the FAA faces cybersecurity challenges in at least three areas:

(1) protecting air-traffic control information systems,

(2) protecting aircraft avionics used to operate and guide aircraft and

(3) clarifying cybersecurity roles and responsibilities among multiple FAA offices.

Cybersecurity experts told GAO that the on-board firewalls intended to protect avionics from hackers could be breached if flight control and entertainment systems use the same wiring and routers.

GAO recommends that the FAA:

1) assess developing a cybersecurity threat model,

2) include the agency's Office of Safety as a full member of the Committee and

3) develop a plan to implement National Institute of Standards and Technology revisions within with federal Office of Management and Budget's time frames.

The report says FAA concurred with the first and third recommendations, but believes that its safety office is sufficiently involved in cybersecurity.

The news was reported by the Reuters news agency.

To contact the author of this article, email engineering360editors@globalspec.com