FBI: Security researcher claimed to hack, control plane in flight
Remember the security researcher who was pulled from a United flight and had his equipment taken (before its frequent flier miles-paying bug hunt) for tweeting about hacking into the plane via its entertainment system? In an application for a search warrant, FBI agents said he previously told them he's gone further than that. APTN National News obtained the document, which contains claims that Chris Roberts told them he connected his laptop to a plane via an Ethernet cable, hacked into a thrust management computer and briefly controlled one of the engines, causing the plane to change course. As reported previously by Wired, he has warned of vulnerabilities in planes for years -- manufacturers deny they exist -- and the conversations were apparently intended to get these problems fixed.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
Irony: for FBI to make its case against Chris Roberts, they're going to have to seriously harm confidence in the aviation industry.
— Matthew Green (@matthew_d_green) May 16, 2015
If you tell FBI agents you can control an airplane's engines with your laptop, you're gonna have a bad time. http://t.co/73qWvaxTvU
— Christopher Soghoian (@csoghoian) May 16, 2015
According to the application, Roberts traveled from Denver to Chicago via United flight 1474 on April 15th, and when agents checked it, they found damage and evidence of tampering to the electronic system under his seat. On Twitter, Roberts has since claimed that no systems were harmed during the trip, and more recently, that discussion is "out of context." He told Wired in an interview that he had only ever tapped in to watch data traffic on airplanes, and while he believed such hacks were possible, he has only done them in a simulated environment.
Last month's arrest spurred warnings from the TSA and FBI to watch out for passengers trying to access internal networks. Now, while law enforcement sorts out the difference between theoretical and actual hacking, it may be a good idea to tuck in any loose network cables while going through security.
[Image credit: Nicholas Burningham / Alamy]