Cyber security expert claims he overwrote the code on the plane’s Thrust Management Computer while on board a flight
May 18, 2015
Image Credit: Courtesty of One World Labs/YouTube
Washington: A prominent hacker has told the FBI he managed to make an airliner “climb” and move “sideways” after infiltrating its in-flight entertainment system. The claim was made by Chris Roberts, founder of cybersecurity firm One World Labs, who was escorted from a United Airlines flight last month after sending in-air tweets bragging that he could deploy the oxygen masks.
His claim that he had affected the actual performance of the plane was made in an FBI affidavit applying for a warrant to search his computer, iPad and other electronic items after the tweeting incident.
The affidavit said that Roberts claimed to have hacked the in-flight entertainment system and overwritten the code on the plane’s Thrust Management Computer while on board a flight, allowing him to operate at least one aeroplane engine. He was not charged in relation to the claims.
“He stated that he successfully commanded the system he had accessed to issue the climb command,” the affidavit said. “He stated that he thereby caused one of the aeroplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.
“He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the aeroplane’s networks. He used the software to monitor traffic from the cockpit system,” investigators wrote in the warrant that was first published by Canada’s APTN News.
Roberts told investigators he had accessed aeroplane computer systems “15 to 20” times since 2011, accessing the systems by attaching an Ethernet cable directly to the ‘Seat Electronic Box’, which can be found under some seats, according to Wired Magazine. The affidavit said Roberts had gained access by “wiggling and squeezing” the box under the seat in front of him, penetrating seat-back video systems by Panasonic and Thales which gained him access to other aeroplane systems.
It remains unclear if Roberts, well-known in the hacking world, really did manage to move the plane or simply believed that he had. Among the types of plane Roberts claimed to have hacked were the Boeing 737-800, 737-900, 757-200 and Airbus A320. He told investigators he provided the information “because he would like vulnerabilities to be fixed”.
However, he told ‘Wired’ that the excerpts in the FBI affidavit had given an incomplete picture. “That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said.
United Airlines last week launched a “bug bounty” programme offering up to a million free air-miles to “White Knight” hackers — friendly ones — who could uncover weaknesses in their corporate computer systems. However it specifically ruled out bounty for bugs uncovered on “on-board Wi-Fi, entertainment systems or avionics”.
Last month a report from the US Government Accountability Office warned of the vulnerability posed by in-flight entertainment systems. It called on the Federal Aviation Administration to address the flaw.