Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Posted by Soulskill on from the feel-free-to-not-do-that dept.

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

2 of 190 comments (clear)

  1. Re:call me skeptical by garyisabusyguy · · Score: 4, Interesting

    The network that he gained access to was the In Flight Entertainment System via default userids and passwords

    The primary order should have been for the airlines to set up routines to cycle the passwords
    We do not know if they did that because the only access that they claim he got at this point is to the box under his seat

    I think that more definitive proof would be that he managed to log into the system because there could be claims that the box under the seat was being moved around by luggage feet of passengers behind him

    None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

    --
    Wherever You Go, There You Are
  2. FBI is lying by Anonymous Coward · · Score: 4, Interesting

    He said if he was an attacker he could "access the control computer, ... issue a climb command..." etc.. FBI has just taken those quotes out of context to justify its warrant.

    In this case he was dumb and was reporting what he thought was a vulnerability to the FBI, and explaining the possible attack scenarios, and the FBI have thought "great! finally we can justify our terrorism budget!" and arrested him.

    As to whether there is a cat5e ethernet port that connects to the flight computer under a passenger seat. Why would there be such a thing? The only network there is the inflight entertainment system and those systems have no physical route to the flight controls.