A researcher allegedly told the FBI he briefly took control of a passenger plane in mid-flight
A security researcher told FBI investigators he had taken control of a passenger plane’s computer system while it was in flight, altering the direction of its flight, according to a search warrant application made public by a Canadian news outlet on Friday.
Chris Roberts, a co-founder of Denver-based security firm One World Labs, told FBI agents that 15 to 20 times from 2011 to 2014 he had hacked planes’ in-flight entertainment systems, gaining access to cockpit systems and monitoring traffic, according to the document.
On one occasion Roberts also commanded a plane’s thrust management computer to cause one of the airplane engines to climb, “resulting in a lateral or sideways movement”.
Roberts, who has investigated airplane computer security vulnerabilities since 2009, had previously admitted only to altering the course of passenger flights on a simulated system, according to a report by Wired. He did, however, admit to having accessed sensitive plane systems during live flights, but only observing data traffic.
The researcher, who had previously met with the FBI in February over concerns with his airplane hacking research, was on 15 April detained by federal agents in Syracuse, New York, after travelling there from Denver via Chicago. During the flight from Denver he had posted a message on Twitter alluding to the possibility of hacking the plane’s on-board computer systems – a tweet intended as a facetious allusion to a recent US government report warning of computer vulnerabilities on some Boeing and Airbus planes.
After arriving in Syracuse, Roberts was questioned for several hours by the FBI, who confiscated items including a laptop and storage devices. The search warrant, dated two days after the items were confiscated, was in support of the investigation of the data contained in these devices. United Airlines later barred Roberts from boarding a flight leaving Syracuse – the company also at the same time launched a bug bounty programme.
‘Out of context’
In Twitter messages over the weekend, Roberts said the paragraph detailing his in-flight hacking activities was drawn from questioning in April as well as the closed-door meetings with the FBI in February and that the information had been taken out of context.
“There’s a whole five years of stuff that the affidavit incorrectly compressed into one paragraph,” he tweeted. “A lot of it’s out of context I’m afraid.”
Security experts expressed anger at the possibility that a professional researcher might have carried out such a dangerous hack.
“You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents,” tweeted Alex Stamos, chief information security officer of Yahoo.
Roberts responded via Twitter that his only interest in recent years has been “to improve aircraft security”.
Roberts has not been charged with a crime, but said via Twitter that the incident has led to funding being withdrawn from his company, resulting in the layoffs of a dozen of its staff last week.
Are you a security pro? Try our quiz!