A researcher who specializes in aircraft security admitted hacking into an airplane’s systems during a flight and successfully sending a climb command to one of the engines, according to an FBI search warrant application.
Chris Roberts, security researcher and founder of enterprise security assessment and consulting firm One World Labs, was featured in news reports last month after he posted a tweet about hacking into the communication system and EICAS (Engine-Indicating and Crew-Alerting System) of the United Airlines flight he was on.
When he landed, the FBI detained him for questioning and seized his electronics. A few days later, when he attempted to board a United Airlines flight, he was banned from getting on the plane.
An FBI search warrant application related to the incident was obtained last week by Canada-based APTN. In the document, FBI Special Agent Mark Hurley revealed that Roberts stated during interviews that he identified vulnerabilities in the in-flight entertainment (IFE) systems of Boeing and Airbus aircraft.
According to Hurley, the researcher said he had compromised IFE systems 15-20 times between 2011 and 2014. The expert said he exploited IFE vulnerabilities while in flight.
Roberts apparently hacked the IFE systems on planes by connecting his laptop through a Cat 6 ethernet cable to the Seat Electronic Box (SEB) located under the passenger seat. FBI agents inspected the SEB located under the expert’s seat after a flight he took from Chicago to Philadelphia and determined that it was tampered with.
“[Roberts] stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the climb command,” Hurley wrote in the search warrant application. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
“Roberts said he used Kali Linux to perform penetration testing of the IFE system. He used the default IDs and passwords to compromise the IFE systems. He also said that he used VBox which is a virtualized environment to build his own version of the airplane network. The virtual environment would replicate airplane network, and the he used virtual machines on his laptop while compromising the airplane network,” the agent said.
Roberts hasn’t provided too many clarifications after the document was published. He noted on Twitter that the affidavit incorrectly compresses five years of “stuff” into one paragraph. The researcher says he will “put all the context into place” when the time is right and the dust settles.
Over last 5 years my only interest has been to improve aircraft security...given the current situation I've been advised against saying much
— Chris Roberts (@Sidragon1) May 17, 2015
It remains to be seen if the expert really did hack an airplane in mid-flight. If he did, some members of the security community are not happy about it.
“You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents,” Alex Stamos, CISO at Yahoo, said on Twitter.
Shortly after the April incident, the FBI’s cyber division published a private industry notification saying that the FBI and the TSA are analyzing media reports stating that critical in-flight networks on commercial aircraft are vulnerable to remote intrusion.
“At this time, the FBI and TSA have no information to support these claims but continue to leverage public and private sector partnerships to evaluate potential threats posed by intrusions into a commercial aircraft’s secure networks,” the FBI said. “The FBI and TSA also continuously monitor and analyze reporting on cyber and technical threats to proactively deter individuals from using remote intrusions to disrupt any portion of the aviation sector, including its business networks, critical navigation and air traffic control signals, and the onboard networks of commercial aircraft.”
Aircraft cyber security has made numerous headlines over the past months after the Government Accountability Office (GAO) published reports on this subject. While some experts have raised concerns about the risks posed by vulnerabilities in the IFE system, aircraft manufacturers say successful attacks are unlikely.
“IFE systems on commercial airplanes are isolated from flight and navigation systems. While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions,” Boeing representatives told SecurityWeek last month.
United Airlines announced the launch of a bug bounty program last week, but the company has highlighted that the program only covers its Web services. Testing in-flight entertainment, Wi-Fi, and other aircraft systems is strictly prohibited and can lead to a criminal and/or legal investigation.