Peter Foster Washington
Published 18/05/2015 | 02:30
A prominent hacker has told the FBI he managed to make an airliner “climb” and move “sideways” after infiltrating its in-flight entertainment system.
The astonishing claim was made by Chris Roberts, founder of cybersecurity firm One World Labs, who was escorted from a United Airlines flight last month after sending in-air tweets bragging that he could deploy the oxygen masks.
His claim that he had affected the actual performance of the plane was made in an FBI affidavit applying for a warrant to search his computer, iPad and other electronic items.
The affidavit said that Mr Roberts claimed to have hacked the in-flight entertainment system and overwritten the code on the plane’s Thrust Management Computer while on board a flight, allowing him to operate at least one airplane engine. He was not charged in relation to the claims.
“He stated that he successfully commanded the system he had accessed to issue the climb command,” the affidavit said. “He stated he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights
“He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system,” investigators wrote.
Mr Roberts told investigators he had accessed aeroplane computer systems “15 to 20” times since 2011, connecting to the systems by attaching an ethernet cable directly to the “Seat Electronic Box” which can be found under some seats, according to ‘Wired’ magazine.
The affidavit said Mr Roberts had gained access by “wiggling and squeezing” the box under the seat in front of him, penetrating seat-back video systems by Panasonic and Thales, which gained him access to other airplane systems. It remains unclear if Mr Roberts, well-known in the hacking world, really did manage to move the plane or simply believed that he had.
Among the types of plane Mr Roberts claimed to have hacked were the Boeing 737-800, 737-900, 757-200 and Airbus A-320. He told investigators he provided the information “because he would like vulnerabilities to be fixed”.
United Airlines last week launched a “bug bounty” programme offering up to a million free air-miles to friendly hackers who could uncover weaknesses in their corporate computer systems. (© Daily Telegraph, London)