A security researcher who was pulled out from a United Airlines flight last month had previously admitted to Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways.
Chris Roberts, the founder of One World Labs, was recently detained, questioned and had his equipment taken by federal agents after he landed on a United flight from Chicago to Syracuse, New York following his tweet suggesting he might hack into the plane’s in-flight entertainment system.
In that particular tweet, Roberts joked: “Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone? :)”
The federal agents addressed the tweet immediately and took it seriously following the Roberts’ capabilities of such hacking tactics.
In the FBI affidavit first made public Friday – first obtained by APTN National News – Roberts told the FBI earlier this year about not once, but repeatedly hacking into aircrafts’ in-flight entertainment (IFE) systems while on board.
“During these conversations, Mr. Roberts stated … he had exploited [flaws] with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the period 2011 through 2014,” FBI Special Agent Mark Hurley wrote in his application. “He last exploited an IFE system during the middle of 2014.”
How the researcher made this possible?
The documents claim that Roberts connected his laptop to the plane’s IFE system via a modified Ethernet cable, allowing him to access other airplane systems.
During at least one instance, Roberts reportedly claimed to have overwritten the code on the airplane’s Thrust Management Computer while aboard a flight and successfully controlled the system to issue the climb command.
By issuing the ‘CLB’ or climb command, Roberts “caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane,” according to the FBI warrant application.
No Systems were Harmed:
Roberts claimed via Twitter that no systems were harmed during the trip. Moreover, Roberts told Wired in an interview that the FBI has taken his remarks about hacking “out of context” of their discussions with the agency.
Roberts claimed that he had only watched data traffic on airplanes, and he has only attempted the hack in a simulated environment because he believed that such hack attacks were possible.
“It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others,” he said, declining to elaborate further.
Since this incident, United Airlines has launched a bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its websites, apps and web portals.
Roberts has neither been arrested by the FBI nor charged with any crime.