Hacker’s Claims of Commandeering a Commercial Flight Dismissed by Industry Experts

In the ongoing investigation concerning the possible hacking of a commercial aircraft's flight system, the latest news reveals no evidence of flight tampering. In fact, it appears the entire story was conflated by out-of-context quotes, a poorly worded tweet, and perhaps a mild case of braggadocio on the part of the hacker.

The investigation stems from a sarcastic tweet sent out by Chris Roberts, a security researcher with One World Labs, who sent out the tweet while aboard a United Airlines flight from Denver to Chicago. The tweet read, "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone?" He then added a smiley face.

Roberts was referencing the Engine Indicator Crew Alert System, which he had researched in previous years while exploring the vulnerabilities of inflight infotainment networks that might allow hackers access to cabin controls and the plane's emergency oxygen mask deployment system.

What followed was his removal from the flight, an interrogation by the FBI, and an eventual search warrant. But this wasn't the first time Roberts had been interviewed by the feds.

In an interview with the FBI in February, Roberts made claims that he had hacked into a plane's flight systems while aboard a flight. According to the warrant application filed by FBI Special Agent Mark Hurley, "He (Roberts) stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or 'hacking' the airplane's networks. He used the software to monitor traffic from the cockpit system."

But here's where the story gets fuzzy. In an interview with Wired, Roberts had made similar claims of accessing the in-flight networks during various flights, but states he had restricted his activity to exploring the networks and observing data traffic. He also discussed commandeering flight controls, but said these were conducted on simulated flights within virtual environments.

Yet the FBI affidavit states Roberts claimed to have commandeered a plane during one of his actual flights. Which, according to industry experts, is simply not possible.

In reference to the in-flight entertainment systems and their relationship to flight and navigation systems, a Boeing spokesperson reiterated that they are separate systems, isolated from one another.

"While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions," spokespersons from Boeing say.

Peter Lemme, a chairman of the Ku and Ka satellite communications standards, said in a recent interview with Runway Girl Network, "The claim that the thrust management system mode was changed without a command from the pilot through the mode control panel, or while coupled to the flight management system is inconceivable."

So it appears Roberts' claims of commandeering the aircraft are highly unlikely. Whether he took control of the plane under simulated conditions, or, as the FBI claims, onboard a commercial flight, will have to be sorted out between Roberts and the feds.

Join the Discussion

Recommended Stories

Real Time Analytics