Security expert allegedly told FBI he hacked & steered airliner mid-flight
Chris Roberts, the founder of One World Labs, was detained for questioning and had his hardware confiscated by federal agents in April after exiting a United flight from Chicago to Syracuse, New York, following his tweet suggesting he might attempt to hack into a flight’s entertainment system.
The FBI addressed the tweet urgently and with great seriousness because previous encounters with Roberts revealed that he was capable of such activity. According to a search warrant application obtained by APTN National News, Roberts is said to have previously told agents that during his research he used his skills and equipment to gain access to an aircraft's in-flight entertainment console, or IFE, on as many as 20 occasions.
“During these conversations, Mr. Roberts stated ... that he had exploited vulnerabilities with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the time period 2011 through 2014. He last exploited an IFE system during the middle of 2014,” FBI Special Agent Mark Hurley wrote in his application.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
During at least one of these “test” flights, Roberts “stated that he then overwrote code on the airplane's Thrust Management Computer while aboard a flight,” the document claims. “He stated that he successfully commanded the system he had accessed to issue the CLB or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane.”
The court document does not mention during which particular flights the interference with the aircraft controls took place.
According to the affidavit, Hurley met with Roberts in February and March to discuss IFE security vulnerabilities with regard to the Boeing 737 and 757, and Airbus A320 aircraft. It was during these interview sessions that Roberts revealed his hacking into IFE systems produced by Panasonic and Thales.
When Roberts revealed his hacking abilities, Hurley writes, he warned the programmer that accessing a plane’s in-flight systems without authorization is a federal crime. Roberts said at the time that he understood and promised not to engage in such activity.
But after his April 15 tweet, the FBI apparently alleged that the security expert could attempt to repeat his success, and went on to detain and question him. The agents and technicians who inspected the aircraft on which he flew to Chicago, before connecting to New York, allegedly found tampering on two electronic boxes next to Roberts’s seat. According to the affidavit, one of the electronic boxes had been damaged.
“Technical specialists with the FBI believed that he may have just [hacked the plane’s system] again, or attempted to do so using the equipment then in his possession,” it said.
Bye bye electronics, all encrypted....and all now in custody/seized pic.twitter.com/a5o6rYTbZ0
— Chris Roberts (@Sidragon1) April 16, 2015
When the agents confiscated Roberts’ equipment in Syracuse – including a MacBook, an iPad, three hard drives and numerous removable USB flash drives – he denied hacking into any systems during the flight from Denver to Chicago.
“We believed that Roberts had the ability and the willingness to use the equipment ... to access or attempt to access the IFE and possibly the flight control systems ... and that it would endanger public safety to allow him to leave the Syracuse airport that evening with the equipment,” Hurley's report states.
It's busy...and a LOT of its out of context I'm afraid https://t.co/mWvYzNpDRW
— Chris Roberts (@Sidragon1) May 16, 2015
Roberts, meanwhile, told Wired that the FBI had taken his remarks about hacking out of the context of his comprehensive discussions with the agency.
“There is context that is obviously missing which obviously I can't say anything about,” he told the publication. “It would appear from what I've seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”