FBI: researcher admitted to hacking plane in-flight, causing it to “climb”
by Cyrus Farivar, ARS Technica
A newly-published search warrant application shows that an aviation computer security researcher told the FBI that he briefly took control of at least one commercial airliner. The warrant, which was filed in a federal court in New York state, was first published Friday by APTN, a Canadian news site.
According to the affidavit for the warrant application, the researcher, Chris Roberts, told the FBI that he:
connected to other systems on the airplane network after he exploited/gained access to, or “hacked” the [in-flight entertainment] system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or “hacking” the airplane’s networks. He used the software to monitor traffic from the cockpit system.
Roberts did not immediately respond to Ars’ request for comment, but he told Wired on Friday that this paragraph was taken out of context.
“It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others,” he said, declining to elaborate further.
As Ars previously reported, Roberts was detained and questioned by the FBI in April 2015 after he landed on a United Airlines flight from Denver, Colorado to Syracuse, New York.
While on board that flight, he tweeted a joke about taking control of the plane’s engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft’s functions including temperatures of various equipment, fuel flow and quantity, and oil pressure. In the tweet, Roberts jested: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone ? :)”
FBI agents then questioned Roberts for four hours and confiscated his iPad, MacBook Pro, and storage devices.
Since this incident, United has instituted a bug bounty program.
After this revelation, Roberts was roundly criticized by his professional peers on Twitter.
There’s really not much any of you can do to convince me that sending low level commands to an engine in flight is anywhere near safe.
— Wesley McGrew (@McGrewSecurity) May 16, 2015
Either he lied about fucking with live planes or actually fucked with live planes. Both are unacceptable for an infosec professional.
— Nick DePetrillo (@nickdepetrillo) May 16, 2015
Roberts has not been arrested, nor charged with a crime.