While we were all busy arguing whether our cellphones could affect planes, one security researcher was busily hacking into aircraft and potentially gaining access to engine control. An ill-advised tweet got infosec specialist Chris Roberts barred from a United flight last month, after he joked about tinkering with aircraft systems like passenger emergency oxygen control. Turns out, so documentation submitted by the FBI reveals, Roberts’ abilities were even greater, to the point of momentarily controlling engine thrust.
The saga started on April 15th, when Roberts told Twitter followers that he was on a 737-800 and suggested he had access to the plane’s control systems. Perhaps unsurprisingly, he was promptly prevented from flying, had his laptop confiscated, and was banned from traveling with United ever again.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
According to search warrant documentation, meanwhile, Roberts supposedly told the FBI that his exploits granted him far more control than had even initially been feared. In two interviews, APTN reports, he admitted to having used weaknesses in the in-flight entertainment systems on Boeing and Airbus aircraft to break in on as many as twenty occasions.
The hacks took place between 2011 and 2014, Roberts claimed, during actual flights.
“He stated that he successfully commanded the system he had accessed to issue the ‘CLB’ or climb command,” FBI agent Mike Hurley wrote in the document. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.”
Investigators examining the seats Roberts had booked in discovered evidence that the in-flight entertainment boxes had indeed been tampered with, though he claims not to have done so on that particular flight. The hack supposedly involved connecting a hidden ethernet port to Roberts’ MacBook Pro using a modified cable, and then using Vortex software to monitor cockpit data among other things.
For his part, the One World Labs security researcher maintains that his in-flight handiwork only ever extended to eavesdropping, telling Wired that the engine hack was done on a simulation instead.
On Twitter, Roberts argued that much of the furore around his tinkering was being taken “out of context.”
It's busy…and a LOT of its out of context I'm afraid https://t.co/mWvYzNpDRW
— Chris Roberts (@Sidragon1) May 16, 2015
While he would not clarify the discrepancies between his claims made to Wired and the contents of the FBI report, he did say that it was one small portion of a much broader conversation.
“It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others” Chris Roberts
It’s not the only recent security scare around flying, however. Last August, another researcher claimed to have discovered a way to hack into an aircraft over WiFi, taking advantage of weaknesses in the networking hardware sold by a number of providers to airlines.
Meanwhile, United has rolled out a new program whereby security researchers who spot flaws in its systems can be rewarded with a big chunk of airmiles, just as long as they inform the airline rather than use the exploit nefariously.