FBI: Hacker Says He Made Plane Change Course
A PROMINENT security researcher says he took control of a plane and made it fly sideways, according to an FBI affidavit.
Chris Roberts was removed from a United Airlines flight last month after tweeting that its on-board network could be hacked.
He told a federal agent he was previously able to issue a climb command to the engine of an unidentified airliner, making the aircraft briefly change course.
The computer expert said he had hacked into the network via the in-flight entertainment system while on board the flight, according to the agent.
Mr Roberts, whose company One World Labs seeks to identify security risks before they are exploited, claimed to have overwritten code on the plane’s Thrust Management Computer, said the FBI.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in a search warrant application.
The FBI filed the application last month after Mr Roberts posted a tweet while on a United Airlines plane apparently joking that he could hack into the flight’s network to deploy its oxygen masks.
The agents had interviewed him several times in February and March about his longstanding claims relating to flight network vulnerabilities.
Mr Roberts was removed from the Chicago to Syracuse, New York, flight after it landed at its destination.
Two of his laptops and USB sticks were confiscated.
According to the affidavit, he told the FBI he had accessed in-flight networks more than a dozen times between 2011 and 2014.
The FBI document does not state which flight he claims to have made go sideways.
According to the FBI, Mr Roberts said he hacked into the plane’s network through the Seat Electronic Box, which is installed under passenger seats on certain commercial aircraft.
He removed the box’s cover by “wiggling and squeezing” before plugging in a modified Cat6 ethernet cable attached to his laptop, states the affidavit.
Mr Roberts then used default IDs and passwords to gain access to the in-flight entertainment system and other networks on the planes.
He said he was also able to monitor traffic from the cockpit system.
Mr Roberts has not been charged in relation to his claims.
He has taken to Twitter to dispute the account of his interview in the FBI document.
“Sorry it’s so generic, but there’s a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph,” he tweeted.
Mr Roberts previously told WIRED, the technology magazine, he had tampered with a plane’s flight path only during a simulated test in a virtual environment, and never on a real airliner.
Several days after he was removed from last month’s flight, Mr Roberts attempted to board a United Airlines plane from Colorado to San Francisco. – guardian.co.uk