Washington - Hackers could exploit in-flight entertainment systems to fatally sabotage the cockpit electronics of a new generation of airliners connected to the internet, a US government report warns.
It comes weeks after a co-pilot crashed his Germanwings A320 into the French Alps killing all 150 on board, prompting talk of airliners one day being 100% automated.
In-flight cyber security is "an increasingly important issue" that the Federal Aviation Administration (FAA) is just starting to address in earnest, said the audit and investigative arm of the US Congress.
"Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorised individuals might access and compromise aircraft avionics systems," the Government Accountability Office (GAO) report said.
In the past, the electronics used to control and navigate aircraft - known as avionics - have functioned autonomously, said the GAO.
Firewalls
"However, according to FAA and experts we spoke to, IP networking may allow an attacker to gain remote access to avionics systems and compromise them," the GAO said.
In theory, firewalls ought to protect avionics "from intrusion by cabin-system users, such as passengers who use in-flight entertainment systems".
But four cyber security experts told the GAO that firewalls, being software components, can be hacked and circumvented "like any other software".
The FAA, the aviation authority of the US, has yet to develop regulations to make "cyber security assurance" for avionics part of its process for certifying new aircraft.
FAA officials told the GAO however that cyber security is an increasingly important concern and that it is shifting its certification focus to address it.
Gerald Dillingham, a co-author of the GAO report, said the issue particularly affects a new generation of internet-connected aircraft that includes the Boeing 787 Dreamliner and Airbus A350.
To date, he said there is no sign that any "bad actors" have successfully planted a virus or malware into an avionics system.
"We don't have any evidence that this has occurred and we are hoping that raising this question will make it less likely to occur," he said.