SAN FRANCISCO – U.S. authorities are probing whether a computer security expert was actually able to hack into the computer system of a plane he flew aboard and cause it to bank sideways for a brief time.
Chris Roberts, a well-known cybersecurity researcher, had previously alerted authorities to what he said were security flaws in several common airliners.
He told FBI agents in April that he had hacked into the in-flight entertainment systems on numerous planes and, in one case, made a plane briefly fly sideways by telling one of the engines to go into climb mode.
A senior law enforcement official said Sunday that no evidence gathered thus far suggests that such a capability, as outlined by Roberts, exists. The official was not authorized to speak publicly.
Roberts did not respond to requests for comment, but did tweet on Saturday that he’s been advised to keep quiet on the topic. “There’s a whole five years of stuff that the affidavit incorrectly compressed into 1 paragraph….lots to untangle,” he tweeted.
Roberts told Fox News in March that he knew how to “take planes out of the sky” by hacking into their entertainment systems.
The FBI filed an affidavit in a New York court for a warrant to search Roberts computers April 17, first reported by a Canadian news service on Friday.
Sometime before Feb. 13, Roberts apparently alerted the FBI to potential vulnerabilities he said he had discovered in the in-flight entertainment (IFE) systems used on Boeing 737-800, 737-900, 757-200 and Airbus A-320.
According to the warrant request, he was interviewed about these issues by FBI agents on Feb. 13 and March 5. Roberts told the agency he was furnishing the information because he wanted the vulnerabilities fixed.
During those interviews, Roberts told agents that he had exploited the vulnerabilities he had discovered “approximately 15 to 20 times” between 2011 and 2014.
Roberts told the agents that at least once he took control of a flight’s thrust management computer and had been able to tell one engine to climb, causing the plan to briefly go into a “sideways movement.”
On April 15, as he was flying from Denver to Chicago, Roberts tweeted a joke about whether he should hack into plane’s engine indication and crew alerting system.
Roberts then changed aircraft in Chicago for a flight to Syracuse.The plane he had been riding continued on to Philadelphia. When it landed in Philadelphia, FBI agents boarded it and found a damaged Seat Electronic Box in the area where Roberts had been sitting.
“The outer cover was open approximately 1/2 inch and one of the retaining screws was not seated and was exposed,” according to the warrant application.
During their previous interviews, Roberts had told them that he was able to hack into the entertainment system by accessing the Seat Electronic Box located under certain seats in a plane.
When Roberts’ flight to Syracuse landed, he was met by FBI Special Agents.
Roberts told the agents he had not compromised the airplane network on the flight from Denver to Chicago, according to the warrant request. He was open and helpful, showing the agents wiring schematics for multiple airplane models.
At that point, the agents confiscated Roberts iPad, MacBook Pro and several external hard and thumb drives. The search warrant application was a request to electronically search them. It is not know whether the court granted the search request.
When Roberts tried to fly back to Denver two days later, United Airlines informed him he was not welcome on its planes. He was, however, able to buy a ticket on another airline and continued his journey.
Law enforcement authorities and an aircraft manufacturer have cast doubt on whether the breach described by Roberts was possible.
According to a statement from Boeing, which makes three of the four jets Roberts said he was able to hack into, IFE systems on commercial airplanes are isolated from flight and navigation systems.
“While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions,” Boeing said in a statement provided by spokesman Doug Adler.
In addition, the company noted that its airplanes have more than one navigational system available to pilots. Changes to the flight plans loaded into the airplane systems cannot take place without pilot review and approval.
Boeing said its planes meet or exceed “all applicable regulatory requirements for both physical and cyber security,” but that for security security reasons, it does not give specific airplane design features.
Contributing: Kevin Johnson in Washington D.C.
Read or Share this story: http://usat.ly/1bYHzWc