Security researcher Chris Roberts got kicked off a United flight last month for tweeting a joke about hacking into its electronic control systems.
Now the FBI alleges, in an affidavit for a search warrant, that it was no joke. In fact, the FBI claims, Roberts actually did such a thing, causing a plane he was on to drift sideways while in flight.
“He stated that he successfully commanded the system he had accessed to issue the ‘CLB’ or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the affidavit claims.
Roberts has been quick to deny that this was the case.
“Over last 5 years my only interest has been to improve aircraft security…given the current situation I’ve been advised against saying much,” Roberts said on Twitter. He followed up: “Sorry it’s so generic, but there’s a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph….lots to untangle.”
Apparently Roberts has been able to successfully hack into airplanes’ in-flight entertainment (IFE) systems. Wired, which spoke to Roberts, described a process by which he opens up a box underneath the seat, connects to it with a modified Ethernet cable, and is then able to log into the IFE system using default admin usernames and passwords.
The next point is more controversial, however: The FBI claims that he was then able to move from the IFE system into other networks on the plane, including networks connected to the engines, allowing him to “commandeer” the plane.
Others in the security community seem to be responding with a mix of skepticism about the claims and head-shaking over Roberts’ apparent recklessness.
In a March interview with Fox, Roberts said, “We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems.” Whether that was a dire warning or mere bravado is not yet clear.
While the FBI has not yet completed its investigation, there’s already been one casualty: The company Roberts founded, One World Labs, failed to secure a round of funding and had to lay off twelve people, or half its staff, he said. That came about because the board decided the business was too risky, in part because of all the unwelcome attention Roberts has been getting.
United, meanwhile, has created a bug bounty program that offers people free airline miles in exchange for information about security vulnerabilities and bugs they discover. United explicitly notes, however, that the bounty does not apply to “bugs on onboard Wi-Fi, entertainment systems or avionics.”