In February a security researcher told the FBI that he took control of a plane’s control system during a flight, according to a warrant application filed last month. The researcher was Chris Roberts, who was subsequently banned from all United Airlines flights in April after he tweeted a joke about exploiting the flight control vulnerabilities while on a plane, Wired reports.
FBI escorts security research off plane after he hacked systems
Once the plane landed in Syracuse, New York, FBI apparently escorted Roberts from the flight and confiscated his gadgets, including thumb drives, an iPad and a MacBook Pro. Wired says the FBI told Roberts a warrant to search the devices was pending, and they filed the application two days later. A Canadian news outlet published the application this weekend.
Roberts previously met the FBI in February to discuss vulnerabilities in the In-Flight Entertainment (IFE) systems of aircraft, and told agents that he could exploit them up to 20 times between 2011 and 2014. He claimed it was possible to gain physical access to the IFE via an electronics box located under seats containing video monitors. Roberts was able to connect his laptop to the IFE system and overwrite code on the plane’s Thrust Management Computer and then issue flight commands from his seat.
There are however some discrepancies between Roberts’ story and the FBI version of events. The warrant suggest that Roberts issued the CLB (climb) command causing one of the engines to climb that caused a sideways movement of the aircraft.
Roberts told Wired that while he could hack into the IFE system, he had never commandeered the flight, but he says he has caused a plane to climb during a flight only during a simulation.
Roberts stated on Twitter:
“I’m obviously concerned those [conversations] were held behind closed doors and apparently they’re no longer behind closed doors”, Roberts told Wired.
When FBI agents searched the plane in question, they found under-seat electronics that had showed signs of tampering. But when Wired asked him if he’d connected his laptop to the boxes on the flight, he said “Nope I did not. That I’m happy to say and I’ll stand from the top of the tallest tower and yell that one”.
“We believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the IFE and possibly the flight control systems on any aircraft equipped with an IFE system, and that it would endanger public safety”, the FBI affidavit reads.
Roberts had previously helped to found the company One World Labs, and told Wired that investors had already withdrawn funding as a result of the incident, though he has not yet been charged with any crime.
SOURCE: The Verge.
Larry Banks is a keen follower of technology and finance. He has worked for a variety of online publications, writing about a diverse range of topics including mobile networks, patents, and Internet video delivery technologies.