Security Researcher Sparks Fear With This Plane Security Hack
For people choosing to travel via air, security on the plane is of the utmost importance. That is why news of a security researcher claiming he was able hack into the computer systems of several airplanes while aboard is really scaring some air travelers, and setting law enforcement on edge.
— vpnforus (@vpnforus) May 18, 2015
Wired magazine reported that Chris Roberts, a security researcher with One World Labs, first told the FBI in February that he was able to hack the in-flight entertainment system (IFE) and control parts of the plane while aboard various airlines. Roberts claims that he conducted the research in order to expose the potential vulnerabilities in in-flight software. In an FBI search warrant application for Robert’s digital devices and data FBI Special Agent Mark Hurley details Roberts’ previous hacking attempts, writing:
He [Roberts] stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.
The search warrant was filed after Roberts was removed from a United Airlines flight from Denver after sending out a tweet while aboard, joking about hacking the plane and setting off the emergency oxygen masks.
According to CNN, FBI agents tracked down his plane after being informed of the tweet and “found signs of tampering and damage to electronic control boxes that connect to in-flight entertainment systems.” The boxes tampered with just so happened to be under where Roberts was sitting and the seat in front of him. Despite this, Roberts insists he did not hack that particular flight.
At the time FBI agents also seized two laptop computers and several hard drives and USB sticks from Roberts without a search warrant, telling Roberts that a warrant was pending. It’s the information in that newly obtained warrant that is cause for concern.
In the warrant, Roberts is quoted as telling the FBI that he accessed the in-flight networks more than a dozen times between 2011 and 2014 and had briefly commandeered a plane during one of those flights. This contradicts an interview he had previously given to Wired, where he claimed he had only explored the networks and observed data traffic.
However, some aircraft experts seriously doubt Roberts was able to hack IFEs in order to commandeer a plane. Business Insider reports that industry expert Peter Lemme told “Runway Girl Network” blogger Mary Kirby that “the IFE ARINC 429 interfaces are not capable of changing automatic flight control modes” and “the claim that the Thrust Management System mode was changed without a command from the pilot through the mode control panel, or while coupled to the Flight Management System is inconceivable.” Boeing has issued statements saying that its entertainment systems are isolated from flight and navigation systems. CNN writes,
It is worth noting that Boeing airplanes have more than one navigational system available to pilots. No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval. In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.
If Roberts is not exaggerating his hacking claims, these IFEs do pose a very plausible threat to aircraft security that needs to be addressed. So far no charges have been filed against Roberts, but he could end up in some serious trouble for conducting these unauthorized tests. If he did hack those planes with passengers aboard, and in one instance even tilt the plane, he was irresponsibly putting numerous lives at stake.