Hacker Hijacks Plane During Flight, Gains Access To Engine Controls
A cybersecurity consultant claims to have hacked into the computer systems of airliners and gained control of an aircraft. He said that he was able to change the course of the plane after breaking into the in-flight entertainment system.
Chris Roberts was detained by the FBI after they discovered his tweets regarding hacking into the United Airlines flight to Syracuse, New York he was traveling in.
In the warrant application obtained by Wired, Roberts said he has broken into in-flight entertainment systems of up to 20 flights between 2011 and 2014.
FBI agent Mark Hurley wrote, “[Roberts] stated that he thereby caused one of the aeroplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.”
It was by prying open the electronic box under his seat and subsequently connecting his laptop through an Ethernet cable that he was able to take control of the in-flight system. With this, he could uncover security flaws before exploiting them. He was also able to monitor all communications from the cockpit.
Security researchers have taken to Twitter to condemn Roberts’s act ever since the affidavit has been released for public viewing.
Jaime Blasco, director of AlienVault Labs, tweeted, “I find it really hard to believe but if that is the case he deserves going to jail.”
Alex Stamos, chief information security officer of Yahoo, wrote, “You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents.”
Roberts’ concern was that the warrant application had been exposed to the public.
He was quoted by Wired, saying, “My biggest concern is obviously with the multiple conversations that I had with the authorities.
“I’m obviously concerned those were held behind closed doors and apparently they’re no longer behind closed doors.”
Although he has been told to not reveal much, he tweeted that he wanted to “improve aircraft security.” He also criticized the FBI for “incorrectly” summarizing his five years worth of research in one paragraph.
“Lots to untangle,” he tweeted.
Sorry it's so generic, but there's a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph….lots to untangle
— Chris Roberts (@Sidragon1) May 17, 2015
According to The Telegraph, seeing the possibility of someone hacking into the in-flight system and gaining control, a “bug bounty” program was initiated by United Airlines last week. The program called White Knight hackers to unveil flaws in its computer security systems. As a reward, the company was offering millions of free air-miles. However, the bounty was not applicable on bugs discovered on “on-board Wi-Fi, entertainment systems or avionics.”
According to CNN, Boeing, one of the plane manufacturers, doubted the validity of hacking the in-flight entertainment system, saying its entertainment systems are “isolated from flight and navigation systems.”
Although the company could not discuss its design features, it said that “it is worth noting that Boeing airplanes have more than one navigational system available to pilots. No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval. In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.”
You might also be interested in: Man Flew Drone Near White House, Detained By Secret Service