FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

Re:call me skeptical

[PRMan]

He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.

Re:call me skeptical

The police CAN and WILL use anything you say against you, NEVER EVER EVER for your benefit or for you. People do not realize that. They are trained to use various tactics to extract information out of you, The rooms are uncomfortable, they are small, they leave you alone for long periods of time, they make promises that you can leave soon if... etc.. Please people, never talk to police, you get ZERO benefit from it. Really, ZERO. If you said he hit me 20 times and I hit him back, They will only use the part where you said you hit the person, it might not ever be on an official record anywhere either. They very selectively cherry pick small bits and pieces from your sessions. There is no context at all. They are not interested in finding the actual person who committed a specific crime, they are interested in find a person.

Re:call me skeptical

[hodet]

We called it failure at OSI level 8.

Re:call me skeptical

[Damarkus13]

Fortunately, it's still up to the FBI to prove they're not lying. Now, what an American jury is willing to accept as proof is anyone's guess.

Re:call me skeptical

[tlhIngan]

None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?

The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.

The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.

On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.

The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.