It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
A security researcher told the FBI in February he was able to commandeer a plane's control system mid-flight, according to a warrant application filed last month.
The tweet was meant as a sarcastic joke; a reference to how he had tried for years to get Boeing and Airbus to heed warnings about security issues with their passenger communications systems. His tweet about the Engine Indicator Crew Alert System, or EICAS, was a reference to research he’d done years ago on vulnerabilities in inflight infotainment networks, vulnerabilities that could allow an attacker to access cabin controls and deploy a plane’s oxygen masks.
He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by “wiggling and Squeezing the box,” Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application. “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
Roberts began investigating aviation security about six years ago after he and a research colleague got hold of publicly available flight manuals and wiring diagrams for various planes. The documents showed how inflight entertainment systems one some planes were connected to the passenger satellite phone network, which included functions for operating some cabin control systems. These systems were in turn connected to the plane avionics systems. They built a test lab using demo software obtained from infotainment vendors and others in order to explore what they could to the networks.
In 2010, Roberts gave a presentation about hacking planes and cars at the BSides security conference in Las Vegas. Another presentation followed two years later. He also spoke directly to airplane manufacturers about the problems with their systems. “We had conversations with two main airplane builders as well as with two of the top providers of infotainment systems and it never went anywhere,” he told WIRED last month.
Last February, the FBI in Denver, where Roberts is based, requested a meeting. They discussed his research for an hour, and returned a couple weeks later for a discussion that lasted several more hours. They wanted to know what was possible and what exactly he and his colleague had done. Roberts disclosed that he and his colleague had sniffed the data traffic on more than a dozen flights after connecting their laptops to the infotainment networks.
“We researched further than that,” he told WIRED last month. “We were within the fuel balancing system and the thrust control system. We watched the packets and data going across the network to see where it was going.”
Eventually, Roberts and his research partner determined that it would take a convoluted set of hacks to seriously subvert an avionics system, but they believed it could be done. He insisted to WIRED last month, however, that they did not “mess around with that except on simulation systems.” In simulations, for example, Roberts said they were able to turn the engine controls from cruise to climb, “which definitely had the desired effect on the system—the plane sped up and the nose of the airplane went up.”