It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

page: 2
<< 1    3  4  5 >>

log in


posted on May, 17 2015 @ 04:18 AM
If this was an B737NG it didn't happen because there's absolutly no connection between the entertainment system and tne ECU.

Couldn't have been the Autothrottle either, since it works on both engines together even when one engine is failed.

I suspect this to be in the same lane as the guy who hacked a pc based ACARS simulator.

posted on May, 17 2015 @ 06:50 AM

originally posted by: roadgravel

A newly-published search warrant application shows that an aviation computer security researcher told the FBI that he briefly took control of at least one commercial airliner. The warrant, which was filed in a federal court in New York state, was first published Friday by APTN, a Canadian news site.

According to the affidavit for the warrant application, the researcher, Chris Roberts, told the FBI that he:

connected to other systems on the airplane network after he exploited/gained access to, or "hacked" the [in-flight entertainment] system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or "hacking" the airplane’s networks. He used the software to monitor traffic from the cockpit system.

Since this incident, United has instituted a bug bounty program.


In the bounty program

Bugs on onboard Wi-Fi, entertainment systems or avionics

Have to wonder what actually happened.

Wifi on an airplane?

Airplanes are connected to the network? Whaaa????

Is the article saying that an airplane's on board system is connected to the network?

posted on May, 17 2015 @ 10:26 AM
It may or may not have actually happened. The thought is scary. Seems Chris has a bit of hubris and may have been stretching it a bit to the FEDS thinking he was good to go. They interviewed him for over four hours and he may have enjoyed impressing them. Never the less I find tweets such as this pretty disturbing since he claims to be on the publics side regarding safety.

Chris Roberts @Sidragon1
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ?

1:08 PM - 15 Apr 2015
142 142 Retweets 181 181 favorites

I'll be eyeballing the dude with really cool tech sitting next to me from now.

posted on May, 17 2015 @ 11:06 AM
a reply to: howmuch4another

They can't even get what he claims to have done right. In one article they said he claimed he made the plane climb, while in another he claims he increased thrust in one engine causing it to "go sideways".

IIRC the IFE system is a totally separate system that doesn't connect to the flight control systems anywhere.

posted on May, 17 2015 @ 11:11 AM

originally posted by: Phage
a reply to: hopenotfeariswhatweneed

This scenario is not implausible,and quite scary really,even if it is only claimed that does not make the story any less believable ...

Less than "not very" you mean?

Curious you seem to be doing your best to downplay this..

If a single hacker, who does not belong to a cabal, or group with dark intent for an aircraft can do what he did, that puts the vulnerability of all commercial (and military for that matter...remember Iran captured an intact drone recently..?) into startling context, especially when thinking about 9/11 and other 'missing aircraft' and crashed aircraft in recent years.

Now...imagine just what could be accomplished by a devious, dark and well organised group with evil intent on their minds...vast resources, access and opportunity would be the difference between such a group and this solitary hacker dabbling with the in-flight entertainment interface, and the result could very well be what we have all seen on our TV screens and computer monitors.

Could it be that for nothing more than ego purposes, you're attempting to gloss over this using your characteristic minimalist and curt, barely one liner replies, because the possible ramifications of commercial aircraft being taken over and flown remotely, would probably destroy your posting credibility especially regarding 9/11 threads over the years?

It's ok to be wrong once in a while you know mate, even your inflated ego can take that knock i'm sure.

posted on May, 17 2015 @ 11:20 AM
a reply to: Zaphod58

There are a bunch of holes besides the actual technical abilities that stand out. I plausibly think he could get into a system and look around at data traffic but not control an engine or the like.

posted on May, 17 2015 @ 11:29 AM

I didn't see this thread and made another. I hope you don't mind.

A security researcher told the FBI in February he was able to commandeer a plane's control system mid-flight, according to a warrant application filed last month.


Chris Roberts is a prominent hacker and security researcher. He founded One World Labs, a security intelligence firm that identifies risks before they’re exploited. While aboard a United airlines flight, he tweeted this...

The tweet was meant as a sarcastic joke; a reference to how he had tried for years to get Boeing and Airbus to heed warnings about security issues with their passenger communications systems. His tweet about the Engine Indicator Crew Alert System, or EICAS, was a reference to research he’d done years ago on vulnerabilities in inflight infotainment networks, vulnerabilities that could allow an attacker to access cabin controls and deploy a plane’s oxygen masks.

While it may sound funny, he claims to have accessed the plane’s IFE systems which then gave him access to other systems using default IDs and passwords.

He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by “wiggling and Squeezing the box,” Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.

Upon landing, he was detained by two FBI agents and local police for questioning. Below is what the they reportedly confiscated. The FBI filed for a warrant two days after questioning Mr. Roberts.

The FBI is directly accusing him of controlling the airplane by overwriting code on the plane’s Thrust Management Computer, acknowledging that it is indeed possible. Robert claims he only caused the plane to climb during a simulated test on a virtual environment he built with a colleague. He says he did access in-flight networks about 15 times during various flights between 2011 and 2014, but had only explored and observed the data traffic.

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application. “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

Roberts has not yet been charged with any crime while the warrant to search his property is pending. The FBI is hoping to find hard evidence of his involvement in altering the plane's flight control systems. I tend to believe his public display is being used to draw attention to the issue. Are we really that vulnerable?

Roberts began investigating aviation security about six years ago after he and a research colleague got hold of publicly available flight manuals and wiring diagrams for various planes. The documents showed how inflight entertainment systems one some planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems. These systems were in turn connected to the plane avionics systems. They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks.

In 2010, Roberts gave a presentation about hacking planes and cars at the BSides security conference in Las Vegas. Another presentation followed two years later. He also spoke directly to airplane manufacturers about the problems with their systems. “We had conversations with two main airplane builders as well as with two of the top providers of infotainment systems and it never went anywhere,” he told WIRED last month.

Last February, the FBI in Denver, where Roberts is based, requested a meeting. They discussed his research for an hour, and returned a couple weeks later for a discussion that lasted several more hours. They wanted to know what was possible and what exactly he and his colleague had done. Roberts disclosed that he and his colleague had sniffed the data traffic on more than a dozen flights after connecting their laptops to the infotainment networks.

“We researched further than that,” he told WIRED last month. “We were within the fuel balancing system and the thrust control system. We watched the packets and data going across the network to see where it was going.”

Eventually, Roberts and his research partner determined that it would take a convoluted set of hacks to seriously subvert an avionics system, but they believed it could be done. He insisted to WIRED last month, however, that they did not “mess around with that except on simulation systems.” In simulations, for example, Roberts said they were able to turn the engine controls from cruise to climb, “which definitely had the desired effect on the system—the plane sped up and the nose of the airplane went up.”

This guy seems to think so. He is refusing to comment about the FBI’s accusations and I will definitely be keeping watch as this develops. Airplanes were used to bring this country to it’s knees and other strange occurrences have happened as of late. These vulnerabilities have been known for years and the airline manufactures have chosen to do nothing about them. Any guess why?

His Twitter page: Link

posted on May, 17 2015 @ 12:48 PM
a reply to: MysterX

Iran didn't hack the RQ-170, they spoofed the GPS, which is a totally different thing to do. To hack an aircraft they have to be able to access the flight management system, which doesn't have outside access. The IFE doesn't connect to it.

posted on May, 17 2015 @ 02:29 PM
It makes you wonder why the GAO back in April are going with the vulnerablity of these systems...specifically about the gateway being the entertainment systems on Airbus and Boeing.

Washington (CNN)Hundreds of planes flying commercially today could be vulnerable to having their onboard computers hacked and remotely taken over by someone using the plane's passenger Wi-Fi network, or even by someone on the ground, according to a new report from the Government Accountability Office.

What is this? Is it that everybody with responsibility are edjits now, and just talking shiite.

GAO pdf,
edit on 17-5-2015 by smurfy because: Text.

posted on May, 17 2015 @ 02:33 PM
a reply to: Zaphod58

Taking control is taking control mate...the end result is the same, the only difference is the method used.

If what this guy is saying is accurate, a would-be-terrorist wouldn't even need a boxcutter to carry out another 9/11.

posted on May, 17 2015 @ 02:36 PM
a reply to: smurfy

These are the same people that put out warnings years ago about plastic guns being made in Europe that could be used to get past metal detectors. This was before anyone had even heard about 3D printing and being able to make your own at home. They claimed that an arms manufacturer was pumping out guns that were almost entirely plastic.

posted on May, 17 2015 @ 02:37 PM
a reply to: MysterX

And so far not one organization has even tried it for real. It's only been done in simulations. If it's so easy, then someone should be able to step up and prove it.

posted on May, 17 2015 @ 02:46 PM

originally posted by: Phage
The headline is not exactly accurate. The "hacker" did not admit do doing anything. He claimed to have done something.

He claimed to have done something. you said ? The "hacker" did not admit do doing anything you said

confused you will be

posted on May, 17 2015 @ 03:31 PM
So he hacked the engine control by way of the entertainment system?

Is that possible with -any- system on any plane in existence? I find it extremely hard to believe.

posted on May, 17 2015 @ 03:40 PM
a reply to: fleabit

Yeah I think something comparable would be if someone would hack my wireless network and by that get my girlfriend pregnant.

I believe her of course...
edit on 17-5-2015 by beercan because: (no reason given)

posted on May, 17 2015 @ 04:03 PM
a reply to: smurfy

It makes you wonder why the GAO back in April are going with the vulnerablity of these systems...specifically about the gateway being the entertainment systems on Airbus and Boeing.
Actually, it makes me think that our hacker read that article and rather than actually doing anything, talked to the FBI about what the report said about potential vulnerabilities.

Roberts did not immediately respond to Ars’ request for comment, but he told Wired on Friday that this paragraph was taken out of context.

"It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others," he said, declining to elaborate further.

edit on 5/17/2015 by Phage because: (no reason given)

posted on May, 17 2015 @ 04:15 PM

originally posted by: fleabit
So he hacked the engine control by way of the entertainment system?

Is that possible with -any- system on any plane in existence? I find it extremely hard to believe.

Try it the other way round, The FAA issued a 'special conditions' 7 or 8 years ago to Boeing for the Dreamliner again specifically to do with the entertainments system being vulnerable to hacking. Was this ever complied with I don't know, but in the GAO PDF there is more than a hint that the FAA are not even in a position to assess this case Boeing, have made their systems safe since the FAA have similar problems of their own in other areas;

"As GAO reported in January 2015, FAA has taken steps to protect its
ATC systems from cyber-based threats; however, significant securitycontrol
weaknesses remain that threaten the agency’s ability to ensure
the safe and uninterrupted operation of the national airspace system.
FAA has agreed to address these weaknesses. Nevertheless, FAA will
continue to be challenged in protecting ATC systems because it has not
developed a cybersecurity threat model. NIST guidance, as well as
experts GAO consulted, recommend such modeling to identify potential
threats to information systems, and as a basis for aligning cybersecurity
efforts and limited resources. While FAA has taken some steps toward
developing such a model, it has no plans to produce one and has not
assessed the funding or time that would be needed to do so. Without
such a model, FAA may not be allocating resources properly to guard
against the most significant cybersecurity threats."

On aircraft,

Modern aircraft are increasingly connected to the Internet. This
interconnectedness can potentially provide unauthorized remote access
to aircraft avionics systems. As part of the aircraft certification process,
FAA’s Office of Safety (AVS) currently certifies new interconnected
systems through rules for specific aircraft and has started reviewing rules
for certifying the cybersecurity of all new aircraft systems.
FAA is making strides to address the challenge of clarifying cybersecurityhas started reviewing rules
for certifying the cybersecurity of all new aircraft systems.

So the FAA is reviewing the rules of certification now, what about 7 years ago then, back door certification? Is Boeing et al, now going have to start gutting their new aircraft and rebuilding safe, and how?....when the FAA don't have a safe system for their ATC as yet! It's all a bit dooh lally.

But there's more,

"FAA’s acquisition management process generally aligned with federal guidelines
for incorporating requirements for cybersecurity controls in its acquisition of
NextGen programs. For example, the process included the six major informationtechnology
and risk-management activities as described by NIST. Timely
implementation of some of these activities could have been improved based on
their importance to NextGen, cost, and deployment status. The Surveillance and
Broadcast Services Subsystem (SBSS)—which enables satellite guidance of
aircraft and is currently deployed in parts of the nation—has not adopted all of
the April 2013 changes to NIST security controls, such as intrusion detection
improvements, although the Office of Management and Budget guidance states
that deployed systems must adopt changes within one year. Systems with
weaknesses that could be exploited "
So okay, GAO are a bunch of carrot pullers, who know nothing except talk, however they can point out that some areas that should now be covered, are not, and there is no word of it as yet.
edit on 17-5-2015 by smurfy because: Text.

posted on May, 17 2015 @ 04:18 PM
Maybe take a device that bridges ethernet to ARNIC 429 and get a connection into the aircraft network, not the entertainment network.

- Bridge Between Ethernet, MIL-STD-1553, and/or ARINC 429
- Remote Access to 429 or 1553 Data via Ethernet
- Low Power 1GHz Intel Atom Processor


Notice the equipment in the picture someone posted. Maybe one of those boxes was a bridge. Hard to tell.

posted on May, 17 2015 @ 04:22 PM
a reply to: smurfy

There's a huge difference between Boeing and the FAA. The FAA can't do much because they don't have a formal budget. One reason they can't update their ATC system, except as it fails, is because they've been funded for at least 10 years via continuing resolution. That doesn't give them any money for things like new radars, or cybersecurity models/updates, unless it's an emergency.

Boeing on the other hand, just does, and adds the cost to their aircraft.

posted on May, 17 2015 @ 04:29 PM
a reply to: roadgravel

That would imply the guy has physical access to both the ARNIC429 network and the Ethernet network to be able to bridge them together.

I'm not really sure what the point of doing so would be.

new topics

top topics

<< 1    3  4  5 >>

log in