auremar - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Alleged airplane hack creates more questions than answers

As details emerge about a security researcher's alleged hack -- and subsequent denial -- of an airplane, more questions are being asked than answers given.

News of a security researcher penetrating an airplane's network has dominated the news for the past few days, but the reality of the situation is muddled.

An application for a search warrant filed by FBI Special Agent Mark Hurley on April 17, which was obtained and published online last Friday by Canadian news outlet APTN National News, alleges the devices seized from Chris Roberts, a security researcher with One World Labs, contain evidence that he successfully commandeered the network of an in-flight airplane he was riding on. Roberts has not been charged with any crime at this time.

In a previous interview, Roberts told Wired he caused a plane to climb in a virtual environment, but insisted he did not interfere with the operations of a plane in flight. Roberts also told Wired he accessed in-flight networks approximately 15 times during various flights only to "explore" and "observe data traffic crossing them."

While the FBI affidavit mentions the virtual environment, it also states Roberts admitted to controlling a plane in flight. During conversations with the FBI, the warrant application reads, Roberts said he had "exploited vulnerabilities with [in-flight entertainment, or IFE] systems on an in-flight aircraft" 15 to 20 times from 2011 to 2014.

According to the warrant application, Roberts gained access to the network through the Seat Electronic Box installed under passenger seats on airplanes; he was able to remove the SEB cover by "wiggling and squeezing" the box. He then used an Ethernet cable with a "modified connector" to connect his laptop to the IFE system.

The affidavit states Roberts then connected to other systems and overwrote code on the airplane's Thrust Management Computer to successfully command the system and issue a "CLB," or climb command, which "thereby caused one of the airplanes to climb, resulting in a lateral or sideways movement of the plane."

Many news articles over the past few days, however, may have been a bit too aggressive in their conclusions, especially as what is contained in the warrant has not been proven in a court of law. The FBI believes Roberts hacked a plane, yet Roberts denies it.

Before the weekend was over, many security researchers were questioning what really happened. Expert Graham Cluley argued the very real possibility that nothing at all had happened. He wrote in his blog, "Wired isn't saying that Chris Roberts claimed to have hijacked and meddled with a plane's flight, instead, they're saying that the FBI's search warrant claims that Roberts told them that he had done that."

While the affidavit does not state which flight Roberts allegedly controlled, Roberts maintains he did not penetrate the IFE system of the April 15 flight during which he tweeted his now infamous "joke:"

The same day, Roberts was questioned by the FBI and had his computer equipment seized.

Though Roberts denies any wrongdoing on this flight, the FBI search warrant application claims the SEB installed near Roberts "showed signs of tampering" and was "open approximately ½ inch and one of the retaining screws was not seated and was exposed."

Not only are questions arising about what happened during the supposed airline hack, but also whether it is even possible to connect to mission-critical airplane systems through in-flight entertainment.

Law enforcement sources told ABC News there is no evidence a hacker could gain control of an airline network as Roberts described. Federal sources also told ABC News it is extremely unlikely someone could hack into an in-flight plane's control system.

"Nobody can take control of the airplane right now," ABC News aviation consultant and former Marine Corps pilot Steven Ganyard said. "At this point, we don't have any reason to suggest that somebody can take over the airplane and fly it into a mountainside."

United Airlines spokesperson Rohsaan Johnson also refuted Roberts' claims, telling The Associated Press, "We are confident our flight control systems could not be accessed through techniques he described." (United Airlines has since released details of a bug bounty program to incentivize researchers to disclose vulnerabilities to the company directly.)

The U.S. Government Accountability Office released a report last month revealing modern communications make aircraft more vulnerable to attack, but many have also refuted this claim. Dr. Phil Polstra, a qualified pilot and professor of digital forensics at Bloomsbury University, said the report contained "erroneous information" and was "deceptive."

"It's certainly possible," security expert and frequent critic of air travel security Bruce Schneier said, "but in the scheme of internet risks I worry about, it's not very high."

While Roberts has not yet denied completing any airplane hacks, he did discuss the inaccuracies of the affidavit with Wired.

"That paragraph that's in there is one paragraph out of a lot of discussions, so there is context that is obviously missing, which, obviously, I can't say anything about," he said. "It would appear from what I've seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others."

Roberts also told Forbes today that "typically all maintenance and system software issued [or] procured from manufacturers is for monitoring only, not influencing." Roberts offered no further details.

Roberts has also taken to Twitter to defend himself, alluding to conversations that were held "in confidence," information that "needs to be said and will come out," and "a lot" of things being taken "out of context."

Roberts still maintains all his actions have been in the name of aircraft security.

Next Steps

Take a look at the ethics of hacking

Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I have seen the story as well on TV.  I am curious if we will be given the truth. Would you fly if you knew someone could take control of the plane from their seat? It all comes down to not being able to disconnect ourselves from the internet. I personally do not own a smartphone and have been in IT for 30+ years.  I never felt the need to be connected 24/7.  I can see having some form of entertainment on a plane for long trips but do you really need to play candy crush at 30,000 feet ??
Looks like United's "Bug Bounty" Program explicitly does NOT include bugs found in on-board avionics.
There's the entertainment, looking out of the Window seat! Does it every time for me, I have no need to look at a screen for the flight :)
This is really a joke, raise attention to security vulnerabilities in planes? If his story is true, then what if something would have gone wrong with the plan as he is playing around with safety and/or security of the plane? This is a story similar to the Colorado man (a month or so ago) landing his title plan near the Capital so to get attention for his cause. Everyone knows what is good for others by placing everyone else in danger, how cute.
Unless the inflight entertainment system and wireless Ethernet (where supplied) are physically separated from the avionics/flight control/flight management systems, you can have no positive assurance that the one cannot effect changes upon the other.
I'm not sure how much credence I put in assurances about a system (such as the more-than-one architecture as is the case with current build commercial aircraft) with which I have little familiarity. Especially when the one axiom of this business is: if they can get to it, they can use it.
Nothing connected or even just close by is immune from hacking. It is thought that by connecting to a ground rod of a buildings electrical service one can tune into any telephone conversation, computer system, etc. Go ahead laugh at the concept, then read about why at governmental buildings they hide the ground rods under the building. I know nothing about a planes electronics but can guess that most electronics will find it's way back to the planes metal skin. Just find another place to connect into a system and read through a digital filter anything you like. Can't build a unit small enough to read the data there, build a recorder to log it and decode it elsewhere. Then later when you know what the data all means send your own and you are in control. We get closer everyday to opening up our cars, our utilities, now our planes to people who have the brains to tap in.
It's getting scary to see how many things we take for granted can be hacked. I have seen videos where they can hack and take control of the functions of your car. So why not a plane ? Another scary thing it some people have to have the latest gadget to impress friends. Like being able to control you house from your smart phone. Unlock doors , turn on heat, turn off alarm.... on hack and now the criminals can just let them selves into your home without making a noise.
There's a lot in this story that seems fishy, or odd, I'm not sure what more can be said though.
True. It's just a story for now. I'd like to see it done again under a controlled environment. If the airline refuses, are they hiding a known flaw? otherwise every hacker will try it for themselves.