Man claims he hacked jet’s computer mid-flight
A security researcher told federal agents he was able to hack into aircraft computer systems midflight numerous times through the inflight entertainment systems, and at one point he caused a plane he was on to move sideways, according to an FBI agent’s affidavit.
Security and government experts say such cyber threats are real given that airplanes are increasingly connected to the Internet.
The researcher, Chris Roberts, was questioned upon his arrival at the Syracuse, N.Y., airport April 15. He had suggested on Twitter while on a United Airlines flight from Chicago that he could get the oxygen masks to deploy or interfere with the cockpit’s alert systems, according to the court filing for a search warrant for Roberts’ laptop and other electronics.
Roberts founded One World Labs, which tries to discover security risks before they are exploited. He had met previously, in February and March, with the FBI to discuss vulnerabilities with inflight entertainment systems aboard certain aircraft, the affidavit said. During the meetings, Roberts claimed to have compromised the systems 15 to 20 times between 2011 and 2014, using a cable to connect his laptop to an electronics box located beneath passenger seats, the document said.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the affidavit said. Roberts declined to comment Monday when reached at his Denver, Colo., office. In a statement issued through his attorney, he said his “only interest has been to improve aircraft safety.”
A report by the U.S. Government Accountability Office last month said some commercial aircraft may be vulnerable to hacking over their onboard wireless networks.
“Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems,” the report said.
Government officials remain skeptical of Roberts’s claims. A senior law enforcement official who asked not to be identified told Bloomberg on Monday there is no credible information to suggest an airplane’s flight control system can be accessed or manipulated from its inflight entertainment system.
The fact that passengers on flights with in-seat video monitors can shift between television and a map showing the plane’s real-time location indicates a link between the flight control and passenger entertainment networks, said Steven Bellovin, a computer science professor at Columbia University.
And airplanes that offer Wi-Fi are likely using the same data link used by pilots to communicate with the airline, he said.
“Now the question is, what is the form of isolation between the passenger network and everything else?” Bellovin said.
“There is some kind of linkage but there are different ways to do this — really securely and not particularly securely, and I have no way of knowing which has actually been done here.”
After stopping Roberts from continuing on from Syracuse to California following his FBI interview last month, the airline cited Roberts’s “claims regarding manipulating aircraft systems.” With files from Bloomberg