FBI: Hacker took over flight’s engine controls from seat

passenger-jet-plane-flight-control(CNN) – A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight, according to federal court documents.

Chris Roberts was detained by the FBI in April following a United Airlines flight to Syracuse, New York, after officials saw Twitter posts he made discussing hacking into the plane he was traveling on.

An FBI search warrant application filed in the U.S. District Court for the Northern District of New York describes the investigation of Roberts for possible computer crimes.

During FBI interviews in February and March, the document says, Roberts told investigators he hacked into in-flight entertainment systems aboard aircraft. He claimed to have done so 15 to 20 times from 2011 to 2014.

He also said, according to the document, that once he had hacked into the systems and then overwrote code, enabling him to issue a “CLB,” or climb, command.

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the document says.

Roberts said he knew of vulnerabilities aboard three types of Boeing aircraft and one Airbus model. He hacked into in-flight entertainment systems made by Thales and Panasonic, he told agents, according to the document.

Roberts has said on Twitter that he’s been advised not to say much, but he has tweeted that his only interest is “to improve aircraft security” and accused the FBI of “incorrectly” condensing five years of his research into one paragraph.

“Lots to untangle,” he tweeted.

Roberts did not immediately reply to CNN messages seeking a response, and in an interview with Wired magazine, he declined to say whether he had hacked the flight mentioned in the federal affidavit. In that article, he said a key paragraph was out of context.

“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”

The FBI document says the bureau’s agents and technical specialists “believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.”

Roberts said he used a modified Ethernet cable to connect his laptop to an electronic box underneath his seat that controls the entertainment system. From there, he hacked into the airplane’s computer nerve center, the document cites Roberts as telling the FBI.

Leave a Reply

Your email address will not be published. Required fields are marked *