I gained control of a commercial flight: US hacker
Cracker tells FBI he cyber-jacked plane through inflight entertainment system
A US-based hacker told federal investigators that he managed to gain control of the engines of commercial aircraft mid-flight using just his laptop and an Ethernet cable, and perform a climbing manoeuvre, Canadian news site APTN reported.
Chris Roberts, who reportedly was already known to the FBI before the investigation, told agents he had cracked the engines' systems by first infiltrating an aircraft's inflight entertainment system. He has been interviewed by the bureau three times this year, but has yet to be charged with a crime. According to a search warrant, the FBI believes he is capable of achieving what he claims.
Last month the US Government Accountability Office published a report warning that cockpit systems are tied, albeit indirectly, to the passenger cabin, through shared networks. While critical systems are heavily firewalled, the GAO cited expert security consultants who said the system was hackable.
Roberts is the founder of One World Labs and bills himself as a White Hat consultant, identifying vulnerabilities before they can be exploited. In mid-April Roberts took a United Airlines flight from Denver to Chicago. While on board he tweeted about hacking into the aircraft's oxygen mask system through its in-flight entertainment.
At the conclusion of an onward flight to Syracuse, New York the same day, several of his computing devices (an iPad, a MacBook Pro, three hard drives, six thumb drives and two USB cables) were seized by the FBI, which subsequently obtained a search warrant to probe the devices.
"He stated that he successfully commanded the system he had accessed to issue the ‘CLB' or climb command," said an affidavit, signed by FBI agent Mike Hurley. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights."
Roberts also claimed he had accessed aircraft networks and was able "to monitor traffic from the cockpit system".
"We believe Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the [inflight entertainment system] and possibly the flight control systems on any aircraft equipped with an [inflight entertainment system] and it would endanger the public safety to allow him to leave the Syracuse airport that evening with that equipment," said the warrant application.