A prominent US hacker has told the FBI he used a computer to infiltrate a commercial aircraft’s in-flight entertainment (IFE) system and then, while in the air as a passenger, overwrite code to manipulate the aircraft’s thrust management computer and move the plane sideways.
FBI documents cited by CNN say that during interviews in February and March, computer expert Chris Roberts told investigators he hacked into in-flight entertainment systems 15 to 20 times from 2011 to 2014.
Roberts claimed, according to the FBI, to have once hacked into an aircraft system and then overwritten code, enabling him to issue a “CLB”, or climb, command.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the document says.
Roberts, said to have founded cybersecurity firm One World Labs, was escorted from a United Airlines flight in April, allegedly after sending tweets from the flight claiming he could deploy oxygen masks aboard.
According to Wired magazine, Roberts apparently connected to IFE systems by attaching an ethernet cable directly to the electronic box which can be found under some seats. Such boxes under the seats are loathed by passengers, as they restrict legroom. Now there may be another reason to dislike them.
FBI agents reportedly found signs of tampering and damage to some under-seat electronic control boxes. Roberts, who has not been charged with anything, says his only interest is “to improve aircraft security”.
Plane manufacturers, however, believe that while Roberts might have thought he had infiltrated the plane’s control systems, he couldn’t have actually done so. Boeing said its entertainment systems are “isolated from flight and navigation systems”, CNN said. There are other safeguards as well.
In a curious irony, United Airlines is currently offering free frequent flyer miles to “friendly hackers” who can break into its websites – but the offer doesn’t extend to anyone trying to break into aircraft control systems.
United threatens possible criminal or legal investigations for people who try to do that.
Fortune magazine says that United’s new hacker initiative is similar to those offered by Google, Facebook and Microsoft. “Friendly hackers’ finding security flaws in United Airlines’ websites and apps could earn themselves between 50,000 and one million frequent flyer miles, depending on the severity of the vulnerabilities they expose.
Written by Peter Needham