Feds: Bloke 'HACKED PLANE controls' – from his PASSENGER seat
Or so he said, anyway. And it wasn't even first class
The FBI has accused an infosec security researcher of hacking into the controls of a United Airlines plane in midair via the inflight entertainment system, causing the aircraft to temporarily fly "sideways".
Infosec chap Chris Roberts allegedly made that audacious claim to special agent Mark Hurley of the FBI, who subsequently applied for a search warrant to examine Roberts' seized electronic devices.
Thirteen items including thumb drives, a MacBook Pro and an iPad Air were confiscated from Roberts on 15 April this year after the researcher exited a United Airline flight in Syracuse, New York, according to the Feds' affidavit (PDF).
Roberts, head of One World Labs, has been quizzed twice by the FBI over the course of the past months.
He apparently told the federales that he had hacked the inflight entertainment systems of Airbus and Boeing aircraft roughly 15 to 20 times between 2011 and 2014.
He has previously flagged up concerns about security flaws in inflight entertainment systems, or IFE.
But Roberts has now been accused of admitting that he tampered with, and compromised, those systems.
Hurley wrote in his warrant application:
[Roberts] stated that he overwrote code on the airplane's Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the "CLB" or climb command.
He stated that he thereby caused the one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.
He also stated that he used Vortex software after compromising/exploiting or "hacking" the airplane's networks. He used the software to monitor traffic from the cockpit systems.
Roberts has since claimed that the FBI special agent had quoted him out of context. He tweeted earlier today:
Over last 5 years my only interest has been to improve aircraft security...given the current situation I've been advised against saying much— Chris Roberts (@Sidragon1) May 17, 2015
Sorry it's so generic, but there's a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph....lots to untangle— Chris Roberts (@Sidragon1) May 17, 2015
Late last week, United Airlines appealed for bug hunters to spot flaws in its ordinary web portals, for rather paltry rewards. ®
Sponsored: Beyond the Data Frontier