Security Expert Claims He Hacked And Controlled A Commercial Jet's Flight: In The Name Of Aircraft Safety?
A computer security expert suspected of hacking into the computers on a Boeing 737 of United Airlines last month revealed that he was once able to take control of the flight systems of a commercial jet, even being able to steer the airplane sideways.
FBI agents met the security researcher, Chris Roberts, as he was exiting a United Airlines flight in Syracuse, New York on April 15 after he tweeted a hint that he may have been able to hack into the in-flight entertainment system (IFE) of the aircraft, which was something that Roberts reportedly previously told the agency that he would stop doing.
However, Roberts has claimed that he carried out the hacks in his missions to improve the safety of aircrafts; a statement that he issued through his lawyer.
"Given the current situation, I've been advised against saying more," Roberts added.
Court documents revealed that Mark Hurley, a special agent for the FBI, met with the computer security expert in the months of February and March to ask about possible vulnerabilities in the security of some of the IFE systems that can be found on Boeing 737, 757 and Airbus A320 airplanes.
Hurley said Roberts revealed that he successfully hacked about 15 or 20 times into the IFE systems of the aircraft even before, in flights from 2011 to 2014.
Roberts said he was able to hack into the systems by connecting his laptop into the electronic boxes of the IFE system, which are located under the seats of the passengers. Once Roberts gained access to the IFE system, he could then access the other systems onboard the flight. This includes the Thrust Management Computer of the aircraft, which is the system that controls the power being provided to the engines of the airplane.
Hurley said that Roberts claimed that, in one instance, he was able to overwrite coding on the Thrust Management Computer to command the system to issue the "CLB" command, forcing one of the engines of the airplane to climb. This resulted in the airplane moving sideways.
Roberts added that he was able to use software for monitoring air traffic in a system within the cockpit of the airplane.
The flight and type of aircraft where Roberts performed the hacking procedures were not included in the court documents.
Hurley told Roberts that hacking into the in-flight systems of airplanes is considered a federal crime, with Roberts stating that he would no longer do such a thing.
However, on April 15, Roberts tweeted a hint that he again hacked into a United Airlines flight.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
EICAS stands for engine-indicating and crew-alerting system, and the command he tweeted about was to turn on the oxygen for passengers.
Surrey University's Alan Woodward told BBC, however, that it is hard to believe that a passenger could have the means to take control of an aircraft's flight from plugging into an aircraft seat, as flight systems are usually physically separate from in-flight entertainment systems.
Photo: Lars Steffens | Flickr