The FBI Claims A Plane Was Hacked From Midair

by Chris Tognotti

A search warrant application publicized by Canadian news outlet APTN on Friday highlighted a rather shocking story, and it's probably enough to give me a little shiver the next time I fly — the FBI has alleged that well-known hacker Chris Roberts made a plane fly sideways while aboard, accessing the engine controls via the in-flight entertainment system. The airline and flight in question are unknown.

In other words, imagine you're riding in a plane, and unbeknownst to you the guy a couple rows over is messing with the engine thrust. The FBI documents allege that Roberts, a noteworthy computer security expert with Denver's One World Labs, copped to doing this in an interview in February, one of three times he's reportedly spoken to the Bureau this year. As detailed by APTN, the search warrant the FBI applied for would allow them to examine electronics (including a laptop) that they seized from Roberts on April 15, after he was banned from United Airlines following a different incident, when he tweeted about hacking into the flight's oxygen mask system.

To be clear, these aren't charges. But it's certainly a headline-grabbing piece of news, regardless — when you think about things the FBI wouldn't be too thrilled with, allegedly tampering with the path of a plane in flight probably ranks pretty high. Here's what Roberts allegedly told them, according to the search warrant application.

[Roberts] then connected to other systems on the airplane's network after he exploited/gained access to, or "hacked" the IFE system. He stated that he then overwrote code on the airplane's Thrust Management Computer while aboard a flight. He stated that he had successfully commanded the system that he had accessed to issue the "CLB" or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.

Roberts, for his part, appeared on Fox News following the April 15 incident to explain himself, stating that his tweet about the oxygen masks was made out of frustration with security flaws in the plane's system. As detailed by USA Today, United spokesperson Rahsaan Johnson explained that Roberts was banned "because he had made public statements about having manipulated airfare equipment and aircraft systems," adding that "that's something we just can't have."

The allegations that have now been revealed are something altogether different from just tweeting about supposed vulnerabilities, however — as Wired's Kim Zetter detailed expertly on Friday, some within the cyber-security community have already spoken out against Roberts, with Yahoo's chief information security officer Alex Stamos tweeting a pretty overt condemnation of the alleged actions (although he added that he's not sure he believes that Roberts actually changed the plane's direction).

Roberts has also spoken out on the allegations. He denies ever having actually made a plane climb during a flight, saying he's only done so in a simulation, never the real thing. He told Wired that he was disturbed that the information has become public, and has tweeted that the controversy is "out of context."

My biggest concern is obviously with the multiple conversations that I had with the authorities. I’m obviously concerned those were held behind closed doors and apparently they’re no longer behind closed doors.

Image: Fox News