Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Posted by Soulskill on from the feel-free-to-not-do-that dept.

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

6 of 190 comments (clear)

  1. Re:How can this be? by JohnVanVliet · · Score: 1, Interesting

    i would not put it past any bean counter for cost cutting

    the entertainment and flight systems both use similar hardware

    and entertainment system built 5 to 10 years ago for the usage bandwidth of FIVE to TEN YEARS ago will fail left and right with today's demand

    so the entertainment system is a VERY soft target
    once in ????????

    --
    "I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
  2. Re:call me skeptical by sjames · · Score: 3, Interesting

    s/WiFi/SEB/g and it's the same issue. Surely you could have managed to work that out.

    How many of the OTHER SEBs showed the same signs, I wonder?

  3. Re:It's a PR campaign by FatdogHaiku · · Score: 3, Interesting

    Somewhere out there a true Scotsman is rolling over in his grave like a turbine.

    and with the manual transmission of a pickup truck, some u-joints and a drive shaft we can couple him to a generator!
    The fact that we will be making money off him at little cost to us and zero compensation to him should start 8 of the nearest (buried) true Scotsmen also spinning. At that point we hook them all up and via RPM modulation we can play "When Irish Eyes are Smiling"! This will cause all the remaining true Scotsman (dead and possibly living) to also spin like turbines and energy will flow from Great Britain like water. I have to go write some IPO stuff and maybe make a kickstarter page for start up capital...
    Thanks!
    /jk (cause there's always someone wanting to be offended in some way... no matter how utterly ridiculous a statement is, a literalist is waiting to pounce)

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  4. Re:call me skeptical by garyisabusyguy · · Score: 4, Interesting

    The network that he gained access to was the In Flight Entertainment System via default userids and passwords

    The primary order should have been for the airlines to set up routines to cycle the passwords
    We do not know if they did that because the only access that they claim he got at this point is to the box under his seat

    I think that more definitive proof would be that he managed to log into the system because there could be claims that the box under the seat was being moved around by luggage feet of passengers behind him

    None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

    --
    Wherever You Go, There You Are
  5. FBI is lying by Anonymous Coward · · Score: 4, Interesting

    He said if he was an attacker he could "access the control computer, ... issue a climb command..." etc.. FBI has just taken those quotes out of context to justify its warrant.

    In this case he was dumb and was reporting what he thought was a vulnerability to the FBI, and explaining the possible attack scenarios, and the FBI have thought "great! finally we can justify our terrorism budget!" and arrested him.

    As to whether there is a cat5e ethernet port that connects to the flight computer under a passenger seat. Why would there be such a thing? The only network there is the inflight entertainment system and those systems have no physical route to the flight controls.

  6. Re:call me skeptical by sjames · · Score: 3, Interesting

    That's more or less my point. Apparently the many who say it can't happen includes the FAA (otherwise, why no advisory). The FBI alleges that he actually did just that during the flight (even if not impossible, their story is a bit thin).

    More strangely, he as a future defendant is one of the few experts who believes it is even possible, but they can't exactly use him as an expert witness for the prosecution.