Categories: Security

FBI: Hacker ‘Changed Course Of Plane In Flight’

A security researcher told FBI investigators he had taken control of a passenger plane’s computer system while it was in flight, altering the direction of its flight, according to a search warrant application made public by a Canadian news outlet on Friday.

Chris Roberts, a co-founder of Denver-based security firm One World Labs, told FBI agents that 15 to 20 times from 2011 to 2014 he had hacked planes’ in-flight entertainment systems, gaining access to cockpit systems and monitoring traffic, according to the document.

On one occasion Roberts also commanded a plane’s thrust management computer to cause one of the airplane engines to climb, “resulting in a lateral or sideways movement”.

Roberts, who has investigated airplane computer security vulnerabilities since 2009, had previously admitted only to altering the course of passenger flights on a simulated system, according to a report by Wired. He did, however, admit to having accessed sensitive plane systems during live flights, but only observing data traffic.

The researcher, who had previously met with the FBI in February over concerns with his airplane hacking research, was on 15 April detained by federal agents in Syracuse, New York, after travelling there from Denver via Chicago. During the flight from Denver he had posted a message on Twitter alluding to the possibility of hacking the plane’s on-board computer systems – a tweet intended as a facetious allusion to a recent US government report warning of computer vulnerabilities on some Boeing and Airbus planes.

After arriving in Syracuse, Roberts was questioned for several hours by the FBI, who confiscated items including a laptop and storage devices. The search warrant, dated two days after the items were confiscated, was in support of the investigation of the data contained in these devices. United Airlines later barred Roberts from boarding a flight leaving Syracuse – the company also at the same time launched a bug bounty programme.

‘Out of context’

In Twitter messages over the weekend, Roberts said the paragraph detailing his in-flight hacking activities was drawn from questioning in April as well as the closed-door meetings with the FBI in February and that the information had been taken out of context.

“There’s a whole five years of stuff that the affidavit incorrectly compressed into one paragraph,” he tweeted. “A lot of it’s out of context I’m afraid.”

Security experts expressed anger at the possibility that a professional researcher might have carried out such a dangerous hack.

“You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents,” tweeted Alex Stamos, chief information security officer of Yahoo.

Roberts responded via Twitter that his only interest in recent years has been “to improve aircraft security”.

Roberts has not been charged with a crime, but said via Twitter that the incident has led to funding being withdrawn from his company, resulting in the layoffs of a dozen of its staff last week.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft’s Hiring Of Inflection AI Staff Does Not Meet EU Merger Thresholds

European Commission says Microsoft's hiring of Inflection AI's staff will not be investigated under EU…

11 hours ago

Google Urges London Tribunal To Dismiss Mass Lawsuit

Alphabet urges Competition Appeal Tribunal to dismiss mass lawsuit seeking up to £7bn ($9.3bn) for…

11 hours ago

US To Host International Network of AI Safety Institutes In November

The US will host the first meeting of the International Network of AI Safety Institutes,…

12 hours ago

Qualcomm Loses Appeal Over EU Antitrust Fine

EU General Court upholds European Commission €242m antitrust fine against Qualcomm, after it allegedly forced…

14 hours ago

EU Court Rules Google’s €1.49bn Fine Should Be Annulled

Google wins court challenge. Europe's second highest court rules EC's €1.49bn antitrust fine should be…

16 hours ago

Meta Bans Russian State Media Networks

Russian state media networks including RT, Rossiya Segodnya etc banned by Meta Platforms for “foreign…

17 hours ago