Hacker admits hijacking plane mid-air: FBI

[Hvr]

Hacker admits hijacking plane mid-air: FBI
A security researcher hijacked an airplane's engines after hacking its in-flight entertainment systems, according to the US Federal Bureau of Investigation.



Chris Roberts, a well-known US security researcher, told FBI agents in February that he'd hacked in-flight entertainment systems on over a dozen flights and on one occasion hijacked an aircraft's thrust management computer and briefly altered its course.

<snip>

According to the document, during interviews in February and March, Roberts said he'd compromised in-flight entertainment systems on 15 to 20 flights between 2011 and 2014.

Each time he'd pried open the cover of the electronics box located under passenger seats and would connect his laptop to the system with an ethernet cable. He'd also scan the network for security flaws and monitored communications from the coughpit.

If true then there may be severe consequences down the line for both the alleged perpetrator and passengers. It would be horrible to travel without my laptop/PED to while away the hours on a long haul flight.

 

[harvyk]

The magic words here are "each time he pried open the cover of the electronics box".
Yes that makes him a hacker in the literal sense of the word, BUT he actively damaged parts of the plane to do so. It's not like he realised that by pressing the pause button at certain points of the movie he could turn off the engines, this was a case of willful damage to gain access to components to damage them.

I might as well say "look here, if I pry off this section of roof and cut this cable, the pilot has trouble controlling the plane."

 

[Plutonus]

I'll be waiting with interest to see if it is confirmed that he was successful. I think I've seen jb747 say many times say the IFE system is completely separate and has no link to flight control systems, so his ability to 'hack' the IFE wouldn't result in what he claims. It would also seem unlikely that any flight control data related cables are in the boxes under passenger seats.

 

[harvyk]

I am willing to at least somewhat listen to him. There might not be an obvious to the pilots link between flight computers and IFE, but IFE which has moving maps needs to get its data from somewhere, and unless they have installed a separate set of pitot tubes for IFE, my money is the data is being fed from the FMC (Flight Management Computer)

In terms of actually cracking a system the technical hurdle this person would need to overcome is determining what the pilots can send to the FMC. If the plane network is setup using a hub (old tech but excellent for broadcasting data eg flight speed) then at least seeing what is going around the place would be very easy (eg network card in promiscuous mode with copy of wireshark would do it). Should they be using a more modern switch then it would be impossible to monitor pilot interaction (although it MIGHT be possible to send new commands if you already knew exactly what to send, something tells me that is information which boeing tightly controls). Of course it's entirely possible all he saw was the flight data feed for the moving maps and anything else was simply made up / coincidence. (Since I would imagine most pilots would do a landing if the plane started doing uncommanded actions)

in anycase, two things might come from this, 1 is a software update to ensure all data received by the FMC has been authenticated, 2 a phyical hardening of all electronic boxes on the plane which are accessible by pax.

 

[medhead]

Someone with a nefarious purpose is not going to be put off damaging the aircraft. Dismissing this because that was required is invalid. I want to know why no one observed his actions, or no one confronted him about his actions.

 

[BAM1748]

I'd like to think there is no where in the passenger compartment anyone can plug their laptop into the coughpit, time to change it.

As someone else mentioned, if the IFE is not connected where to they get the speed and altitude info from for my little map.

 

[harvyk]

Someone with a nefarious purpose is not going to be put off damaging the aircraft. Dismissing this because that was required is invalid. I want to know why no one observed his actions, or no one confront him about his actions.

True, although if you read some media reports they made out that all was required was to select a movie in just the right way you could fly the plane from 36A, were as actual damage was required.

 

[russ]

I just read the application for search warrant at http://aptn.ca/news/wp-content/uploads/sites/4/2015/05/warrant-for-Roberts-electronics.pdf

One would think that if the passenger was able to control the aircraft, it would have been mentioned in the application. However, the only substantive evidence in the application is the passenger's repeated claims that he hacked the system and some evidence of physical tampering of the entertainment unit.

Looks to me like he's just an internet troll.

 

[TomVexille]

I'm still skeptical at this point. Especially as some of the headlines state he "made" a plane fly sideways

 

[Himeno]

This is the media taking things out of context.
It is far more likely that he used aircraft parts doing this as a lab test for his job, and never actually done on any aircraft in flight.

 

[harvyk]

This is the media taking things out of context.
It is far more likely that he used aircraft parts doing this as a lab test for his job, and never actually done on any aircraft in flight.

I somewhat doubt that, it would be a very expensive thing to set up.

I don't know what this guy was trying to achieve. One would assume that the flights was going as good as they ever could, all he could do is do something that puts the plane into a worse position. Sending through bad commands can at best do absolutely not a thing in the world, and at worst create a flaming hole in the ground with himself at the center.

Lets assume that he is right and he sent a command to increase the speed of the engine a little, assuming that's all he did he is really very lucky that he guessed the right command to simply increase the engine speed and not completely overspeed the engine or shut it off mid flight (no, things in programming are not always 0 = off, 100 = full). He is also really lucky that his little playing around didn't do something which would crash the flight computers (since unhandled bad input can easily crash a computer, furthermore in a completely closed \ trusted network such as this they may not be as strict about handing unexpected inputs).

So yeah, it's pretty safe to say no matter what way you look at this, the guy is an A1 idiot.

 

[Daver6]

The airline manufacturers are totally to blame for this in my opinion. Instead of keeping the flight control/computers etc networks physically separate they chose not to in order to cut costs.

Nothing beats physical separation when it comes to security.

 

[MEL_Traveller]

I actually think this is a good thing. I'd rather this guy do the hacking (if it actually happened) rather than someone who didn't shout it from the roof-tops and just crashed the plane.

 

[russ]

The airline manufacturers are totally to blame for this in my opinion.

Totally to blame for what? All I can see is that the passenger has made some pretty extraordinary claims, but no evidence of them being true.

 

[Cruiser Elite]

FBI have dismissed it as total baloney - alleged hacker well known to them and described as a 'dangerous fraud' - UA have banned him for life - hopefully ALL carriers will do the same.

 

[clazman]

Surely the switch / router logs would have shown up some discrepancy if he had done what he said he did

 

[harvyk]

Surely the switch / router logs would have shown up some discrepancy if he had done what he said he did

Unlikely, his whole point is that there is no security. That said if two posts up is to be believed the whole this was simply BS.

 

[JohnK]

I wouldn't be surprised if this was possible.

Too many gadgets and the push to provide more and more outlets for people to use their gadgets.

 

[NM]

Surely the switch / router logs would have shown up some discrepancy if he had done what he said he did

You are assuming someone actually looks at such logs.

 

[jb747]

He's a fruit loop/troll/attention seeker.