As details emerge about a security researcher’s alleged hack — and subsequent denial — of an airplane, more questions are being asked than answers given.
News of a security researcher penetrating an airplane’s network has dominated the news for the past few days, but the reality of the situation is muddled.
An application for a search warrant filed by FBI Special Agent Mark Hurley on April 17, which was obtained and published online last Friday by Canadian news outlet APTN National News, alleges the devices seized from Chris Roberts, a security researcher with One World Labs, contain evidence that he successfully commandeered the network of an in-flight airplane he was riding on. Roberts has not been charged with any crime at this time.
In a previous interview, Roberts told Wired he caused a plane to climb in a virtual environment, but insisted he did not interfere with the operations of a plane in flight. Roberts also told Wired he accessed in-flight networks approximately 15 times during various flights only to “explore” and “observe data traffic crossing them.”
While the FBI affidavit mentions the virtual environment, it also states Roberts admitted to controlling a plane in flight. During conversations with the FBI, the warrant application reads, Roberts said he had “exploited vulnerabilities with [in-flight entertainment, or IFE] systems on an in-flight aircraft” 15 to 20 times from 2011 to 2014.
According to the warrant application, Roberts gained access to the network through the Seat Electronic Box installed under passenger seats on airplanes; he was able to remove the SEB cover by “wiggling and squeezing” the box. He then used an Ethernet cable with a “modified connector” to connect his laptop to the IFE system.
The affidavit states Roberts then connected to other systems and overwrote code on the airplane’s Thrust Management Computer to successfully command the system and issue a “CLB,” or climb command, which “thereby caused one of the airplanes to climb, resulting in a lateral or sideways movement of the plane.”
Many news articles over the past few days, however, may have been a bit too aggressive in their conclusions, especially as what is contained in the warrant has not been proven in a court of law. The FBI believes Roberts hacked a plane, yet Roberts denies it.
Before the weekend was over, many security researchers were questioning what really happened. Expert Graham Cluley argued the very real possibility that nothing at all had happened. He wrote in his blog, “Wired isn’t saying that Chris Roberts claimed to have hijacked and meddled with a plane’s flight, instead, they’re saying that the FBI’s search warrant claims that Roberts told them that he had done that.”
While the affidavit does not state which flight Roberts allegedly controlled, Roberts maintains he did not penetrate the IFE system of the April 15 flight during which he tweeted his now infamous “joke:”
The same day, Roberts was questioned by the FBI and had his computer equipment seized.
Though Roberts denies any wrongdoing on this flight, the FBI search warrant application claims the SEB installed near Roberts “showed signs of tampering” and was “open approximately ½ inch and one of the retaining screws was not seated and was exposed.”
Not only are questions arising about what happened during the supposed airline hack, but also whether it is even possible to connect to mission-critical airplane systems through in-flight entertainment.
Law enforcement sources told ABC News there is no evidence a hacker could gain control of an airline network as Roberts described. Federal sources also told ABC News it is extremely unlikely someone could hack into an in-flight plane’s control system.
“Nobody can take control of the airplane right now,” ABC News aviation consultant and former Marine Corps pilot Steven Ganyard said. “At this point, we don’t have any reason to suggest that somebody can take over the airplane and fly it into a mountainside.”
United Airlines spokesperson Rohsaan Johnson also refuted Roberts’ claims, telling The Associated Press, “We are confident our flight control systems could not be accessed through techniques he described.” (United Airlines has since released details of a bug bounty program to incentivize researchers to disclose vulnerabilities to the company directly.)
The U.S. Government Accountability Office released a report last month revealing modern communications make aircraft more vulnerable to attack, but many have also refuted this claim. Dr. Phil Polstra, a qualified pilot and professor of digital forensics at Bloomsbury University, said the report contained “erroneous information” and was “deceptive.”
“It’s certainly possible,” security expert and frequent critic of air travel security Bruce Schneier said, “but in the scheme of internet risks I worry about, it’s not very high.”
While Roberts has not yet denied completing any airplane hacks, he did discuss the inaccuracies of the affidavit with Wired.
“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing, which, obviously, I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”
Roberts also told Forbes today that “typically all maintenance and system software issued [or] procured from manufacturers is for monitoring only, not influencing.” Roberts offered no further details.
Roberts has also taken to Twitter to defend himself, alluding to conversations that were held “in confidence,” information that “needs to be said and will come out,” and “a lot” of things being taken “out of context.”
Roberts still maintains all his actions have been in the name of aircraft security.