- Sputnik International
World
Get the latest news from around the world, live coverage, off-beat stories, features and analysis.

FBI: Security Researcher Hacks Into Airplane Systems While on Flight

© Flickr / Christian Junker - AHKGAPUnited Airlines sues over "unfair competition."
United Airlines sues over unfair competition. - Sputnik International
Subscribe
A security researcher who tweeted about a plane’s security vulnerabilities managed to hack into a plane’s security systems and even caused the plane to fly sideways.

Chris Roberts of One World told the FBI he had hacked into a plane’s Thrust Management Computer while on flight and caused it to change course.

Wi-Fi onboard - Sputnik International
World
Boeing Disputes US Report Claiming Aircraft Vulnerable to Hacking
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

Roberts was removed from a flight from Chicago to Syracuse after making a Tweet that indicated he might hack into the plane’s network. Upon landing, two FBI agents and security officers escorted Roberts from the plane and seized two laptop computers along with numerous hard drives and USB sticks. The agents did not have a warrant when they seized the devices, but told Roberts that one was pending.

Roberts had told WIRED that he breached in-flight networks about 15 times during flights, but had not gone beyond observing data traffic.

He also said he accessed networks through the Seat Electronic Boxes, or SEB, which are installed two to a row on each side of the aisle under passenger seats, on certain planes.

The information to hack a military drone - as Iran claims it did to capture the drone pictured here in 2011 - is freely available to the public online, according to an Israeli defense manufacturer. - Sputnik International
Just Google It: Info on How to Hack a Military Drone is Already Online
After removing the cover to the SEB by “wiggling and Squeezing the box,” Roberts told agents he attached a Cat6 Ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the in-flight entertainment system. Once on that network, he was able to gain access to other systems on the planes.

Roberts began investigating aviation security about six years ago after he and a research colleague accessed publicly available flight manuals and wiring diagrams for various planes. The documents showed how in-flight entertainment systems on certain planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems.

“We were within the fuel balancing system and the thrust control system,” Roberts said. “We watched the packets and data going across the network to see where it was going.”

While on board a flight from Denver to Chicago on April 15, Roberts Tweeted, “Find myself on a 737/800, let’s see Box-IFE-ICE-SATCOM, Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone?” 

Hacking - Sputnik International
World
British Man Arrested for Hacking Into US Dept of Defense
A United Airlines Cyber Security Intelligence Department member became aware of the tweet and contacted the FBI.

An FBI agent later examined that Denver-to-Chicago plane after it landed in another city and discovered the SEBs under the seats where Roberts had been sitting was possibly tampered with.

“The outer cover of the box was open approximately 1/2 inch and one of the retaining screws was not seated and was exposed,” Hurley wrote in his affidavit.

After that flight, Roberts was found to be carrying thumb drives containing malware as well as schematics for the wiring systems of a number of airplane models. 

The FBI concluded Roberts “had the ability and the willingness to use the equipment then with him to access or attempt to access the IFE and possibly the flight control systems on any aircraft equipped with an IFE systems, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.”

Newsfeed
0
To participate in the discussion
log in or register
loader
Chats
Заголовок открываемого материала