FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

← Back to Stories (view on slashdot.org)

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Posted by Soulskill on Saturday May 16, 2015 @09:54AM from the feel-free-to-not-do-that dept.

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

11 of 190 comments (clear)

Min score:

Reason:

Sort:

call me skeptical by ganjadude · 2015-05-16 10:05 · Score: 5, Insightful

Somehow I doubt this actually happened. While I can believe that in theory it might be possible. I just dont see this guy, a security researcher from what I understand has a great reputation would have done this.

More likely the government is trying to save face right now. and since the TSA cant seem to catch any real terrorists, might as well make an example out of someone instead.

--
have you seen my sig? there are many others like it but none that are the same
1. Re:call me skeptical by sjames · 2015-05-16 10:41 · Score: 5, Insightful
  
  Surely if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi (at least in that model plane)to be disabled. It seems like we have an id10t at the FBI who wants to notch his belt and hasn't considered the wider implications of his allegations.
  Consider if the FBI should prevail in court. Suddenly the FAA comes under fire and has to publicly denounce the verdict and the FBI to save itself. The flip side is that the FAA gets proactive and testifies that it can't happen and the FBI gets to sit in the hot seat.
2. Re:call me skeptical by rahvin112 · 2015-05-16 10:56 · Score: 4, Insightful
  
  The FBI is notorious for taking statements out of context and using them against you, including charging you with lying when your out of context statement isn't correct. You should NEVER talk to the FBI without a lawyer and without a recording device running that records the entire conversation. The ironic thing is the FBI will actually refuse to interview you with a recording device running because they then can't use out of context statements against you.
  Never ever talk to the FBI unless it's in YOUR lawyers office with a recording device running. There are plenty of videos on youtube that explain how the FBI uses these conversations against people and why you should never talk to them.
3. Re:call me skeptical by msauve · 2015-05-16 11:43 · Score: 4, Insightful
  
  if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi
  You obviously didn't read the search warrant.
  
  First, it states that in previous interviews (in Feb, and I'll bet the FBI has audio records to support that), he had described connecting to the network using Ethernet connected to a "Seat Electronic Box" ("SEB") which is mounted under the seats. So, WiFi has nothing to do with it. In the same interview, he said he understood the legal ramifications and would not access airplane networks.
  
  The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.
  
  That, along with his history and the tweet regarding being on the flight and suggesting he could tamper with the flight systems seems to me to be reasonable grounds for a warrant.
  
  And, I hope he's prosecuted. Also in the Feb. interview, he admitted actually tampering with flight control systems. It's one thing to find a vulnerability and try to get it addressed. It's quite another to actually make use of that vulnerability during a flight, placing the public at risk.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
4. Re:call me skeptical by Rich0 · 2015-05-16 14:24 · Score: 5, Insightful
  
  Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
  If he didn't, I don't think the FBI has much of a case.
  If he did, then the FAA should certainly be issuing an airworthiness directive banning any inflight entertainment system with a connection to the flight control systems. I don't think it is likely that they'd be satisfied with passwords. As far as the FAA is concerned video games on planes are optional, safe flight is not.
  The fact that the FAA hasn't gotten involved makes me skeptical of the FBI's claims. I have a lot of issues with how the FAA does things, but they usually take any kind of potential aircraft defect seriously.
5. Re:call me skeptical by j-turkey · 2015-05-16 17:32 · Score: 4, Insightful
  
  Well, either he did manage to access the flight controls from the entertainment system, or he didn't.
  If he didn't, I don't think the FBI has much of a case.
  I don't think that this has anything to do with whether or not the FBI actually has a case. I suspect that this is the federal government sending a message to security researchers that airplanes are off-limits. It's the same reason for the TSA's billions of dollars of security theater - it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy. If average citizens believe that flight control systems can be hacked by a geek in his/her seat with a laptop, they will not feel safe, and may not fly.
  I'm not much of a conspiracy theorist, and I'm not about to start now. However, given the fact that it seems other-worldly outlandish that a security researcher can gain control of any flight controls via the wi-fi entertainment system, I strongly suspect that this is the purpose of the FBI's heavy-handed tactics.
  
  --
  
  -Turkey
It's a PR campaign by Mr.+Freeman · 2015-05-16 10:06 · Score: 4, Insightful

No researcher would be so reckless as to actually screw with an airplane's engines mid-flight. The fact that the FBI alleges that he did means that they know damn well they have nothing to do on, but need to paint this guy as a terrorist in order to save themselves looking like idiots for arresting a guy based on a single twitter message.

--
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
1. Re:It's a PR campaign by circletimessquare · 2015-05-16 10:12 · Score: 4, Insightful
  
  while i agree with you that this story sounds like bs, i despise this "always dealing with rational actors" argument
  people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Can't be too safe by Crayola · 2015-05-16 10:16 · Score: 4, Insightful

Of course, if it were possible to take control of a plane like this, the government would immediately ground all those planes until the security flaw could be fixed, right? Funny, haven't heard that they've done that.
FBI probably left out the virtual simulation part by Anonymous Coward · 2015-05-16 10:18 · Score: 5, Insightful

Do not under any circumstance EVER talk to law enforcement. It's that simple stupid. I don't care if the cop threatens to tow your car and take your children. STFU. If they have something on you they will do it anyway and if they don't then they're trying to get you to say something for which they can arrest you. Nothing you say will ever help you in a court of law. Law enforcement are TRAINED TO LIE in order to get the responses they're after. "Sir- I'll need to ask you to step out of your car so I can search it". He's not ordering you to step out of your car. He's asking permission to search your car. If you comply he'll testify in court you gave permission for them to search your car. The exact phrasing will never be heard in court as the cop will just summarize it as "I asked for permission to search he responded yes". Had you STFU and only surrendered your name and address and if driving your ID, insurance, and registration you would never have ended up arrested. Yes- cops will "get angry" if you don't "cooperate". They will threaten to arrest you. However these are generally lies to get you to do what they want (allow a search, etc). If you don't "cooperate" they won't actually arrest you 99% of the time because they haven't got anything on you.
rubbish by Anonymous Coward · 2015-05-16 10:21 · Score: 4, Insightful

As I professional pilot can I say that while I have no insight into what may or may not actually have happened on this flight, the write-up in the article is utter bollocks from a flight dynamics perspective. If the case really rests on such a flimsy explanation of what happened than the FBI need some above from somebody who knows anything whatsoever about aircraft and flight dynamics.