Security expert said he accessed plane controls mid-flight (Update)

May 18, 2015 by Carolyn Thompson
Boeing 737-700 jet airliner. Credit: Wikipedia/Arcturu

A security researcher told federal agents he was able to hack into aircraft computer systems mid-flight numerous times through the in-flight entertainment systems, and at one point he caused a plane he was on to move sideways, according to an FBI agent's affidavit.

Although the claims are still being investigated, the airline involved, United, cast doubt on whether it was possible to control an airplane through the entertainment system, while other experts said such cyber threats should be taken seriously given that airplanes are increasingly connected to the Internet.

The researcher, Chris Roberts, was questioned upon his arrival at the Syracuse, New York, airport April 15. He had suggested on Twitter while on a United Airlines flight from Chicago that he could get the oxygen masks to deploy or interfere with the cockpit's alert systems, according to the court filing in support of a search warrant for Roberts' laptop and other electronics.

Roberts founded One World Labs, which tries to discover security risks before they are exploited. He had met previously, in February and March, with the FBI to discuss vulnerabilities with in-flight entertainment systems aboard certain aircraft, the affidavit said. During the meetings, Roberts claimed to have compromised the systems 15 to 20 times between 2011 and 2014, using a cable to connect his laptop to an electronics box located beneath passenger seats, the document said.

"He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," the affidavit said.

Roberts declined to comment Monday when reached at his Denver, Colorado, office. In a statement issued through his attorney, he said his "only interest has been to improve aircraft safety."

"Given the current situation, I've been advised against saying more," said the statement provided by Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation.

A report by the U.S. Government Accountability Office last month said some commercial aircraft may be vulnerable to hacking over their onboard wireless networks.

"Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," the report said.

The fact that passengers on flights with in-seat video monitors can shift between television and a map showing the plane's real-time location indicates a link between the flight control and passenger entertainment networks, said Steven Bellovin, a computer science professor at Columbia University. And airplanes that offer Wi-Fi are likely using the same data link used by pilots to communicate with the airline, he said.

"Now the question is, what is the form of isolation between the passenger network and everything else?" Bellovin said. "There is some kind of linkage but there are different ways to do this—really securely and not particularly securely, and I have no way of knowing which has actually been done here."

After stopping Roberts from continuing on from Syracuse to California following his FBI interview last month, the airline cited Roberts' "claims regarding manipulating aircraft systems."

"However, we are confident our flight control systems could not be accessed through techniques he described," spokesman Rahsaan Johnson told The Associated Press.

In a statement, a Boeing spokesman said in-flight entertainment systems on airliners are isolated from flight and navigation systems.

Pilots have more than one navigation system, spokesman Alder said. "No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval," he said, declining to discuss specific design features for security reasons.

Tim Erlin, director of IT security and risk strategy at the cybersecurity firm Tripwire, said it's possible that systems are connected in some aircraft and not in others.

"There are many different types of aircraft in service, with varying levels of technology from different time periods," Erlin said via email. "If a system was installed well before these kinds of attacks and tools were conceived of, there would have been no reason not to connect them, and it might have been perceived as extra cost and complexity to keep them separate."


2.4 / 5 (5) May 18, 2015
Someone is not telling the truth here. Either the aircraft industry is engaging in a massive cover up that risks air safety or the FBI has no case against this security researcher. Hopefully the truth will come out in court.

If aircraft are susceptible to hacking by passengers, it means the steps taken to lock everyone out of the cockpit were a complete waste of time, and a terrorist only needs access to the passenger cabin to take control of an aircraft. If there is any truth in the claims that these planes can be hacked, they should be grounded until the problem is fixed, as would be done in the case of other design flaws that present a significant risk to the safety of the aircraft.

If the security researcher did illegally hack into an aircraft in the air, he should face the consequences of his actions, whatever the truth of the underlying air safety issue may be.
1 / 5 (1) May 18, 2015
"They are confident that blah blah" They never even looked. They don't care, and they don't want anyone else to care.
1 / 5 (1) May 19, 2015
A clown got caught trying his best to kill everyone on the plane. He spins a stupid lie to try to mitigate his sentence. He fails. Happily a dumb journalist repeated all his lies either through gullibility or greed and here we all are.
3 / 5 (1) May 19, 2015
Hopefully the truth will come out in court.

There isn't going to be any "court", he wasn't charged with anything, just detained for questioning.
4.7 / 5 (3) May 19, 2015
A clown got caught trying his best to kill everyone on the plane.

He didn't try to kill anyone. He's a security researcher. It's his friggin' job to test the security of systems.
Just putting your fingers in your ears and going "lalala" doesn't make security holes in critical systems go away.
Don't you think the guy would be risking his job bigtime if he couldn't do what he claimed he could (and tweet it to boot)?

"No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval,"

This may be so, but there are a myriad of other, critical systems that aren't covered by this.
And if you really want to change the flight path then just spoof the GPS signal like so:

In that case the flight plan will stay the same but your plane will end up somewhere else.
3 / 5 (2) May 19, 2015
It seems prudent not to publicly leak the details until any perceived or actual problems are addressed. It wouldn't do to get a bunch of script kiddies trying to duplicate this and cause actual harm, however remote the possibility may be.
3 / 5 (2) May 19, 2015
I call BS.
not rated yet May 20, 2015
It seems prudent not to publicly leak the details until any perceived or actual problems are addressed. It wouldn't do to get a bunch of script kiddies trying to duplicate this and cause actual harm, however remote the possibility may be.

That only works when those responsible for the security flaw are willing to fix it. It is not uncommon for security flaws to be known for years, without any fixes being applied. After notifying those responsible and giving a reasonable period of time for the issue to be resolved, sometimes it is necessary to disclose the vulnerability to put pressure on them to fix the problem.

A security researcher has an incentive to do the right thing and report the problem. However, criminals and terrorists want to take advantage of flaws rather than reporting them. If a security researcher can find the vulnerability so can the bad guys. Anyone who believes that this is only one person probing aircraft systems for flaws is a fool.
