Chris Roberts admits to in-flight hacking, context not clear

May 18, 2015 11:36 GMT  ·  By

In a sworn statement, an FBI agent says that security researcher Chris Roberts admitted to hacking into the controls of a flying aircraft causing it to climb.

Roberts is the founder of One World Labs, a cyber security company dedicated to identifying risks before the bad guys manage to take advantage of them.

Bad joke leads to FBI seizing electronic devices

He has often drawn attention to the vulnerabilities present in the computer networks in airplanes, which could be exploited in flight to reach the avionics systems and tamper with the control of the aircraft.

In mid-April, while flying to Syracuse, New York, Roberts tweeted a message as a joke, saying that he would check the security of the airplane by accessing the EICAS (engine-indicating and crew-alerting system) via the in-flight entertainment (IFE) network.

As a result, the researcher spent some time with the FBI when he disembarked. Four hours later, he was let go, albeit all his electronic devices were seized.

This was not Roberts’ first chat with the FBI, though. Between February 13 and March 5, 2015, the agents interviewed the researcher multiple times to learn about the vulnerabilities he discovered in the IFE systems on Boeing and Airbus aircrafts.

Hacker changes direction of the plane

According to the affidavit (published by Canadian news outlet APTN) presented by special agent Mark Hurley in support of a search warrant request for the recently seized electronics, Roberts admitted that he had exploited the discovered glitches while in flight.

The document says that, between 2011 and 2014, the researcher experimented approximately 15 to 20 times and the breach point was the video monitor installed in the passenger seatbacks (Seat Electronic Box).

After hacking into the IFE network via a laptop hooked with a Cat6 ethernet cable, Roberts was able to access other systems on the aircraft.

While aboard the flight, he was able to overwrite the code on the plane’s Thrust Management Computer and issue a “climb” command. This resulted in the aircraft changing direction and move sideways.

The context of this account is not clear from the affidavit, though, as the information was selected from a much larger pool to serve for getting the search warrant for the devices.

“Because this affidavit is being submitted for the limited purpose of securing a search warrant, I have not included each and every fact known to me concerning this investigation,” Hurley says in the document.

It is important to note that this is an extraordinary feat that can be achieved by someone with strong technical background and a set of special tools that are not publicly available.