FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.

call me skeptical

[ganjadude]

Somehow I doubt this actually happened. While I can believe that in theory it might be possible. I just dont see this guy, a security researcher from what I understand has a great reputation would have done this.

More likely the government is trying to save face right now. and since the TSA cant seem to catch any real terrorists, might as well make an example out of someone instead.

Re:call me skeptical

[PRMan]

He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.

Re:call me skeptical

[sjames]

Surely if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi (at least in that model plane)to be disabled. It seems like we have an id10t at the FBI who wants to notch his belt and hasn't considered the wider implications of his allegations.

Consider if the FBI should prevail in court. Suddenly the FAA comes under fire and has to publicly denounce the verdict and the FBI to save itself. The flip side is that the FAA gets proactive and testifies that it can't happen and the FBI gets to sit in the hot seat.

Re:call me skeptical

[Rich0]

Well, either he did manage to access the flight controls from the entertainment system, or he didn't.

If he didn't, I don't think the FBI has much of a case.

If he did, then the FAA should certainly be issuing an airworthiness directive banning any inflight entertainment system with a connection to the flight control systems. I don't think it is likely that they'd be satisfied with passwords. As far as the FAA is concerned video games on planes are optional, safe flight is not.

The fact that the FAA hasn't gotten involved makes me skeptical of the FBI's claims. I have a lot of issues with how the FAA does things, but they usually take any kind of potential aircraft defect seriously.

Re:call me skeptical

[tlhIngan]

None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?

The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.

The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.

On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.

The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.

FBI probably left out the virtual simulation part

Do not under any circumstance EVER talk to law enforcement. It's that simple stupid. I don't care if the cop threatens to tow your car and take your children. STFU. If they have something on you they will do it anyway and if they don't then they're trying to get you to say something for which they can arrest you. Nothing you say will ever help you in a court of law. Law enforcement are TRAINED TO LIE in order to get the responses they're after. "Sir- I'll need to ask you to step out of your car so I can search it". He's not ordering you to step out of your car. He's asking permission to search your car. If you comply he'll testify in court you gave permission for them to search your car. The exact phrasing will never be heard in court as the cop will just summarize it as "I asked for permission to search he responded yes". Had you STFU and only surrendered your name and address and if driving your ID, insurance, and registration you would never have ended up arrested. Yes- cops will "get angry" if you don't "cooperate". They will threaten to arrest you. However these are generally lies to get you to do what they want (allow a search, etc). If you don't "cooperate" they won't actually arrest you 99% of the time because they haven't got anything on you.