Security researcher controlled passenger jet via inflight entertainment system

by
in security on (#96BP)
story imageChris Roberts, a security researcher with One World Labs, who has been issuing warnings about vulnerabilities in inflight entertainment systems for years, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system on an airplane and overwrote code on the plane's Thrust Management Computer while aboard the flight. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," FBI Special Agent Mark Hurley wrote in his warrant application. "He also stated that he used Vortex software after comprising/exploiting or 'hacking' the airplane's networks. He used the software to monitor traffic from the cockpit system."

"We believe Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the (inflight entertainment system) and possibly the flight control systems on any aircraft equipped with an (inflight entertainment system) and it would endanger the public safety to allow him to leave the Syracuse airport that evening with that equipment," sates the warrant application. Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court.

Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane's Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking.

ZOMG! Watch Out for People Who Look Like They're Actively Hacking!!!1one (Score: 0)

by Anonymous Coward on 2015-05-19 15:26 (#9BHZ)

> the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane's Wi-Fi or inflight entertainment system

What a joke! An well-organized effort to break into passenger jet flight control systems doesn't need to possess any outwards visible behavior cues.

All any break-in needs is a person carrying a malicious transponder to interface with, and relay command and control transmissions.

They can just sit there, while someone else remotely transmits commands, which are then tunneled through the relay device. At that point, the limitations of the attack vector would be reduced to line-of-sight, and the remote transmitter's signal strength.

So then, what you have is a person carrying what appears to be a cell phone, but the guts have been replaced with a black box transponder. Some one from miles away could then broadcast signals to the transponder, which then delivers payloads, and returns the details of the avionics systems state.
Post Comment
Subject
Comment
Captcha
Of the numbers 14, seventy five or forty, which is the biggest?