Scary in-flight hacking details come to light in FBI probe

FBI: Security researcher took over controls of plane

The security researcher booted from a United Airlines flight last month had previously hacked into a plane’s flight deck systems to momentarily alter its course, according to FBI search warrant.

Chris Roberts, a security researcher with One World Labs, told the FBI in February he had hacked the in-flight entertainment system and re-coded the plane’s Thrust Management Computer allowing him to alter its course.

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley said in the warrant application.

“He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks to monitor traffic from the cockpit system.”

Roberts was taken off a United Airlines flight following a joke Tweet about its security vulnerabilities and questioned by FBI agents for several hours.

He also told investigators he had accessed in-flight systems on more than a dozen previous occasions between 2011 and 2014.

Some in the information security industry have expressed doubt about the claims while others disbelief at his actions.

“You cannot promote the idea that security research benefits humanity while defending research that endangered hundreds of innocents,” said Alex Stamos, chief information security officer of Yahoo.

Roberts also told WIRED the media attention has irked One World’s investors who have pulled out, resulting in half of its workforce being laid off.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s