Security researcher controlled passenger jet via inflight entertainment system

by
in security on (#96BP)
story imageChris Roberts, a security researcher with One World Labs, who has been issuing warnings about vulnerabilities in inflight entertainment systems for years, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system on an airplane and overwrote code on the plane's Thrust Management Computer while aboard the flight. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," FBI Special Agent Mark Hurley wrote in his warrant application. "He also stated that he used Vortex software after comprising/exploiting or 'hacking' the airplane's networks. He used the software to monitor traffic from the cockpit system."

"We believe Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the (inflight entertainment system) and possibly the flight control systems on any aircraft equipped with an (inflight entertainment system) and it would endanger the public safety to allow him to leave the Syracuse airport that evening with that equipment," sates the warrant application. Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court.

Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane's Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking.
Reply 10 comments

See Also (Score: 2, Informative)

by bryan@pipedot.org on 2015-05-17 21:31 (#97MJ)

Previously #7NYM

If he really manipulated a plane in flight... (Score: 3, Insightful)

by tanuki64@pipedot.org on 2015-05-18 06:12 (#985F)

...he deserves jail time. But so does every idiot, who is responsible for implementing a passenger wifi system, which is not 100% separated from the flight systems. And jail time for everybody who could have done something, but did not after she was informed that something like that is possible.

ZOMG! Watch Out for People Who Look Like They're Actively Hacking!!!1one (Score: 0)

by Anonymous Coward on 2015-05-19 15:26 (#9BHZ)

> the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane's Wi-Fi or inflight entertainment system

What a joke! An well-organized effort to break into passenger jet flight control systems doesn't need to possess any outwards visible behavior cues.

All any break-in needs is a person carrying a malicious transponder to interface with, and relay command and control transmissions.

They can just sit there, while someone else remotely transmits commands, which are then tunneled through the relay device. At that point, the limitations of the attack vector would be reduced to line-of-sight, and the remote transmitter's signal strength.

So then, what you have is a person carrying what appears to be a cell phone, but the guts have been replaced with a black box transponder. Some one from miles away could then broadcast signals to the transponder, which then delivers payloads, and returns the details of the avionics systems state.

Re: ZOMG! Watch Out for People Who Look Like They're Actively Hacking!!!1one (Score: 1)

by tanuki64@pipedot.org on 2015-05-19 15:41 (#9BJV)

You think far too complicated. Do you really think the flight attendants are able to distinguish between a passenger playing tetris and one trying to hack the system? I suppose after reading the bulletin they look around to see if one of their passengers is wearing a black hat. They might have heard that black hats are evil hackers.

Re: ZOMG! Watch Out for People Who Look Like They're Actively Hacking!!!1one (Score: 0)

by Anonymous Coward on 2015-05-20 08:45 (#9CJT)

Yeah, I know! It's like they pick me out of the crowd going ZOMG HACKER! Can't I I wear my Black Hat in peace?

Xmonad + Xterm with green text (Score: 1, Interesting)

by Anonymous Coward on 2015-05-20 12:35 (#9D0V)

My "desktop" is xmonad with many xterms open. I use green as foreground color, so almost all text comes up at green. I read my mail through the console, ircing, writing programs with vim. How would they interpret this? A lot of green text flying on screens...

I think it is impossible for uneducated people to know what somebody does in front of the computer. Just because it looks like "Hollywood hacking" it is not hacking.

Re: Xmonad + Xterm with green text (Score: 2, Insightful)

by skarjak@pipedot.org on 2015-05-20 17:54 (#9DRP)

They would interpret you as dangerous. As well they should! You are educated in something they don't understand, so that makes you scary.

Re: Xmonad + Xterm with green text (Score: 2, Interesting)

by billshooterofbul@pipedot.org on 2015-05-20 20:14 (#9E0S)

Hmm... It would be great if you had some kind of polarized display that showed you the contents only if you are wearing special glasses. Yet to everyone else, it looks like solitaire...

Something like this, but with solitaire for everyone else not wearing glasses:

http://www.instructables.com/id/Privacy-monitor-made-from-an-old-LCD-Monitor/

I think if you sat with glasses on staring at a white screen, that might also rasie suspisions too much.

Re: Xmonad + Xterm with green text (Score: 1)

by tanuki64@pipedot.org on 2015-05-21 17:39 (#9G3C)

I think it is impossible for uneducated people
What do you mean with 'uneducated people'? I am very educated. Softwaredeveloper and consultant for years. And it still would be impossible for me to see what you are doing if you type on your laptop on the neighbouring seat. Especially since most people give others a modicum of privacy and don't constantly snoop what they are doing.

Re: Xmonad + Xterm with green text (Score: 1)

by billshooterofbul@pipedot.org on 2015-05-21 22:43 (#9GJN)

Really? Its usually pretty simple. I have a bad habit of sneaking looks at other random people's computers in public places. Like what are they doing at starbucks/mc donalds? Why are they traveling? What does an enterprise spreadsheet look like? Are they using macros? So many interesting things one could learn by glancing over. I'd probably notice he was doing something cool. Probably not enough to think " hey he's trying to take over the flight system" , but enough to try and find a way to start an innocuous conversation with him to try and figure it out. Like: Is that xnomad? I've never seen such a nice setup before... Etc, until I tiptoed around what he was doing.

Not sure if I'd be the best spy in the world, or the worst. With such a dramatic swing in possible outcomes, its probably glad that I'm not one.