Download the Q13 News weather app here

FBI: Hacker claimed to have taken over flight’s engine controls

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

(CNN) — A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight, according to federal court documents.

Chris Roberts was detained by the FBI in April following a United Airlines flight to Syracuse after officials saw Twitter posts he made discussing hacking into the plane he was traveling on.

An FBI search warrant application filed in the U.S. District Court for the Northern District of New York describes the investigation of Roberts for possible computer crimes.

During FBI interviews in February and March, the document says, Roberts told investigators he hacked into in-flight entertainment systems aboard aircraft. He claimed to have done so 15 to 20 times from 2011 to 2014.

He said he knew of vulnerabilities aboard three types of Boeing aircraft and one Airbus model. He hacked into in-flight entertainment systems made by Thales and Panasonic, he told agents, according to the document.

Canada’s APTN first reported on the document. CNN has not obtained the search warrant referenced.

Roberts has said on Twitter that he’s been advised not to say much, but he has tweeted that his only interest is “to improve aircraft security” and accused the FBI of “incorrectly” condensing five years of his research into one paragraph.

“Lots to untangle,” he tweeted.

Roberts did not immediately reply to CNN messages seeking a response, and in an interview with Wired magazine, he declined to say whether he had hacked the flight mentioned in the federal affidavit. In that article, he said a key paragraph was out of context.

“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”

The FBI document says the bureau’s agents and technical specialists “believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.”

Roberts said he used a modified Ethernet cable to connect his laptop to an electronic box underneath his seat that controls the entertainment system. From there, he hacked into the airplane’s computer nerve center, the document cites Roberts as telling the FBI.

On April 15, United Airlines told the FBI that Roberts had posted tweets about hacking into the plane he was traveling on and possibly activating the emergency passenger oxygen masks, the document says. At the time, Roberts was traveling on a United flight from Denver to Chicago, then connecting to Syracuse.

FBI agents tracked the aircraft that Roberts traveled on from Denver to Chicago and found signs of tampering and damage to electronic control boxes that connect to in-flight entertainment systems. The boxes tampered with were under the seat where Roberts sat and the one in front of his seat, the warrant application says.

Roberts told agents he didn’t hack into the systems aboard the Denver-to-Chicago flight.

The FBI search warrant said agents seized computer equipment, including a laptop and an iPad, as well as thumb and external drives.

The thumb drives contained “nasty” malware, Roberts said, that could be used to compromise computer networks, according to the FBI document.

One of the plane manufacturers has cast doubt on the hacking claims. Boeing said its entertainment systems are “isolated from flight and navigation systems.”

The company further said that it does not discuss its planes’ design features for security reasons, but said, “It is worth noting that Boeing airplanes have more than one navigational system available to pilots. No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval. In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.”

Airbus has not yet issued a response, but previously, it has said it has security measures, such as firewalls, that restrict access and the company “constantly assesses and revisits the system architecture” to make sure planes are safe.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

1 Comment

  • 22 year avionics tech

    I’m totally raising the BS flash on this one…. The moment I heard this, I couldn’t help but to LMAO…. Just like it’s mentioned in the article, the entertainment systems are isolated from the navigation and flight control computers…and everything else. Could you imagine if you flipped a channel up on your little remote on your seat, the plane starts to climb because the satellite receiver in the entertainment system wigged out?!?!? Too funny… So……….Hypothetically speaking, even if he was able to connect, where did he get the proprietary software from to even communicate to the computers? How did he know which of the many computers (200+ on A320’s), to hack?!?! Thales? Bendix? Rockwell Collins? SMIF? Airbus? Boeing? GE? Rolls Royce? Pratt Whitney? etc.??? How did he know he didn’t hack into the toilet flush computer? Yes, it has a computer too… The FADEC (Full Authority Digital Engine Control) is an extremely complicated system. How did he know which engines were even on the type A/C he was flying on???? How would he have the means to acquire or develop the different types of software needed to communicate to the different types of ECU/ECC (engine control unit/engine control computer)?

    I’d go on national tv to call this guy out as a fraud in a heartbeat!!! He’s just looking for his 15 minutes of fame. And if you ask me, he should be held accountable in repaying the government, or the taxpayers, back all the money that was wasted investigating this hoax…