Would you feel safe if you knew that it’s possible to take control of an airliner with laptop computer or maybe just a smartphone app? That maybe exactly what has happened.
According to reports a security researcher was able to commandeer a United Airlines flight control system during a scheduled flight. A warrant application was filed last month for Chris Roberts a security researcher who was was banned from all United Airlines flights after tweeting a joke about exploiting flight control vulnerabilities while on a plane. Upon landing in Syracuse, New York, FBI agents escorted Roberts off the flight and confiscated his MacBook Pro and several thumb drives. FBI officials told Roberts a warrant to search the devices was pending, and filed a warrant application two days later.
This is not the first time Roberts has tampered with a plane in flight. He met with FBI officials in February of this year to discuss vulnerabilities with In Flight Entertainment (IFE) systems. Roberts told agents he was able to exploit vulnerabilities in the IFE systems 15 to 20 times from 2011 to 2014. According to Roberts its possible to gain physical access to the IFE system through the Seat Electronic Box (SEB) located under seats containing video monitors, according to the FBI affidavit. Roberts was able to connect his laptop to the IFE system, allowing him to overwrite code on the aircraft’s Thrust Management Computer and issue flight commands from his seat.
According to the warrant application Roberts issued the “CLB” or climb command during an actual flight with real passengers. The command caused one of the engines to climb “resulting in a lateral or sideways movement” of the aircraft. Roberts denied the allegations telling Wired magazine that although he was capable of hacking into the IFE system, he never actually commandeered the flight. Roberts claimed he caused a plane to climb during flight, but only during a simulated test. On Twitter, Roberts claims much of the affidavit takes things he said out of context.
FBI agents conducted a search of the plane after the flight discovering SEBs under two of the aircraft’s seats which “showed signs of tampering.” Roberts denied tampering with the equipment saying “Nope I did not. That I’m happy to say and I’ll stand from the top of the tallest tower and yell that one.”
“We believe that Roberts had the ability and the willingness to use the equipment with him to access or attempt to access the IFE and possibly the flight control systems on any aircraft equipped with an IFE system, and that it would endanger public safety,” the affidavit reads.
Aircraft manufacturer Boeing said its entertainment systems are “isolated from flight and navigation systems.”
The company declined to discuss its planes’ design features for security reasons saying; “It is worth noting that Boeing airplanes have more than one navigational system available to pilots. No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval. In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.”
Airbus has not addressed the incident but has stated before it has security measures, such as firewalls, that restrict access and the company “constantly assesses and revisits the system architecture” to make sure planes are safe.
Roberts is the co-founder of One World Labs which has lost investors as a result of the incident. Roberts has not yet been charged with a crime.
Breaking it Down
This sh*t ain’t funny no more. What this man did, and has admitted to, is pure terrorism. He admitted to tampering with aircraft 15-20 times between 2011 and 2015. But is still walking around free. Why? Let me say this; his actions could have had unforeseen consequences such as the destruction of an aircraft in flight. This man has only three possible reasons for tampering with an aircraft in flight. First he intended to do some harm which I pray I am wrong. Or second he was trying to show the airlines that they are vulnerable to this form of attack which is a good thing done the wrong way. Or third he is seeking publicity for his start up company. The common thread to all of these reasons is that all should land him in prison. Keep in mind that Malaysian Airline Flight 370 is still missing.
