Author: Kim Zetter. Kim Zetter
Date of Publication: 05.15.15.
05.15.15
Time of Publication: 10:14 pm.
10:14 pm
Feds Say That Banned Researcher Commandeered a Plane
A security researcher kicked off a United Airlines flight last month after tweeting about security vulnerabilities in its system had previously taken control of an airplane and caused it to briefly fly sideways, according to an application for a search warrant filed by an FBI agent.
Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application (.pdf). “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”
Hurley filed the search warrant application last month after Roberts was removed from a United Airlines flight from Chicago to Syracuse, New York, because he published a facetious tweet suggesting he might hack into the plane’s network. Upon landing in Syracuse, two FBI agents and two local police officers escorted him from the plane and interrogated him for several hours. They also seized two laptop computers and several hard drives and USB sticks. Although the agents did not have a warrant when they seized the devices, they told Roberts a warrant was pending.
A media outlet in Canada obtained the application for the warrant today and published it online.
The information outlined in the warrant application reveals a far more serious situation than Roberts has previously disclosed.
Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.
He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them. According to the FBI affidavit, however, when he mentioned this to agents last February he told them that he also had briefly commandeered a plane during one of those flights.
He told the FBI that the period in which he accessed the in-flight networks more than a dozen times occurred between 2011 and 2014. The affidavit, however, does not indicate exactly which flight he allegedly caused to turn to fly to the side.
He obtained physical access to the networks through the Seat Electronic Box, or SEB. These are installed two to a row, on each side of the aisle under passenger seats, on certain planes. After removing the cover to the SEB by “wiggling and Squeezing the box,” Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.
Reaction in the security community to the new revelations in the affidavit have been harsh. Although Roberts hasn’t been charged yet with any crime, and there are questions about whether his actions really did cause the plane to list to the side or he simply thought they did, a number of security researchers have expressed shock that he attempted to tamper with a plane during a flight.
“I find it really hard to believe but if that is the case he deserves going to jail,” wrote Jaime Blasco, director of AlienVault Labs in a tweet.
Alex Stamos, chief information security officer of Yahoo, wrote in a tweet, “You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents.”
Roberts, reached by phone after the FBI document was made public, told WIRED that he had already seen it last month but wasn’t expecting it to go public today.
“My biggest concern is obviously with the multiple conversations that I had with the authorities,” he said. “I’m obviously concerned those were held behind closed doors and apparently they’re no longer behind closed doors.”
Although he wouldn’t respond directly to questions about whether he had hacked that previous flight mentioned in the affidavit, he said the paragraph in the FBI document discussing this is out of context.
“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”
History of Researching Planes
MORE
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
