Chris Roberts of One World told the FBI he had hacked into a plane’s Thrust Management Computer while on flight and caused it to change course.
Roberts was removed from a flight from Chicago to Syracuse after making a Tweet that indicated he might hack into the plane’s network. Upon landing, two FBI agents and security officers escorted Roberts from the plane and seized two laptop computers along with numerous hard drives and USB sticks. The agents did not have a warrant when they seized the devices, but told Roberts that one was pending.
Roberts had told WIRED that he breached in-flight networks about 15 times during flights, but had not gone beyond observing data traffic.
He also said he accessed networks through the Seat Electronic Boxes, or SEB, which are installed two to a row on each side of the aisle under passenger seats, on certain planes.
Roberts began investigating aviation security about six years ago after he and a research colleague accessed publicly available flight manuals and wiring diagrams for various planes. The documents showed how in-flight entertainment systems on certain planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems.
“We were within the fuel balancing system and the thrust control system,” Roberts said. “We watched the packets and data going across the network to see where it was going.”
While on board a flight from Denver to Chicago on April 15, Roberts Tweeted, “Find myself on a 737/800, let’s see Box-IFE-ICE-SATCOM, Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone?”
An FBI agent later examined that Denver-to-Chicago plane after it landed in another city and discovered the SEBs under the seats where Roberts had been sitting was possibly tampered with.
“The outer cover of the box was open approximately 1/2 inch and one of the retaining screws was not seated and was exposed,” Hurley wrote in his affidavit.
After that flight, Roberts was found to be carrying thumb drives containing malware as well as schematics for the wiring systems of a number of airplane models.
The FBI concluded Roberts “had the ability and the willingness to use the equipment then with him to access or attempt to access the IFE and possibly the flight control systems on any aircraft equipped with an IFE systems, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.”