FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

Re:call me skeptical

[PRMan]

He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.

Re:call me skeptical

[tlhIngan]

None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?

The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.

The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.

On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.

The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.