FBI affidavit says hacker removed from United Airlines flight last month managed to change flight direction from his seat
A prominent hacker has told the FBI that he managed to make an airliner “climb” and move “sideways” after infiltrating its in-flight entertainment system.
The claim was made by Chris Roberts, the founder of the cybersecurity firm One World Labs, who was escorted from a United Airlines flight last month after sending in-air tweets bragging that he could deploy the oxygen masks.
The allegation that Mr Roberts said he had affected the actual performance the plane was made in an FBI affidavit applying for a warrant to search his computer, iPad and other electronic items that were confiscated by investigators after the tweeting incident.
The affidavit said that Mr Roberts claimed to have hacked the in-flight entertainment system and he overwrote the code on the plane's Thrust Management Computer while on board a flight.
"He stated that he successfully commanded the system he had accessed to issue the climb command. He stated that he thereby caused one of the aeroplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," the affidavit said.
"He also stated that he used Vortex software after compromising/exploiting or 'hacking' the airplane's networks. He used the software to monitor traffic from the cockpit system," investigators wrote in the warrant that was first published by Canada's APTN News.
Mr Roberts admitted to investigators accessing plane computers systems more than a dozen times since 2011, accessing the systems by attaching an ethernet cable directly to the "Seat Electronic Box" that can be found under some seats, according to Wired Magazine.
It remains unclear if Mr Roberts, a well-known face in the hacking world, really did manage to move the plane or simply believed that he had.
In an interview with Wired, Mr Roberts said that the FBI affidavit had given an incomplete picture.
"That paragraph that's in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can't say anything about," he said.
"It would appear from what I've seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others."
Following the media interest in the potential that a plane could be hacked in-flight, United Airlines last week launched a "bug bounty" program offering up to a million free air-miles to so-called White Knight – friendly – hackers who could uncover weaknesses in their corporate computer systems.
However the rewards program specifically rules out bounty for bugs uncovered on "on-board Wi-Fi, entertainment systems or avionics".
No comments:
Post a Comment