Security researcher Chris Roberts got into quite a bit of trouble last month after seemingly Tweeting a joke about being able to hack into a plane’s electronic control systems mid-flight. "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)," the now infamous tweet read. When the plane landed, Roberts was questioned by FBI agents, who seized his laptop and other electronics.
Apparently Roberts had met with the FBI before to disclose vulnerabilities within the In Flight Entertainment (IFE) systems, which he reportedly accessed 15 to 20 times from 2011 to 2014 through the Seat Electronic Box (SEB) located under seats containing video monitors using modified Ethernet cable. From there he is able to log into the IFE system using default admin usernames and passwords.
He says he never connected his laptop to any SEBs on this particular flight, though FBI agents claim the units under the seats where Roberts had been sitting showed signs of tampering. He has yet to be charged with a crime but the FBI’s ongoing investigation suggests he was able to gain control of other systems beyond in-flight entertainment on the airplane network.
According to the affidavit for the search warrant application, Roberts told investigators he overwrote code on the airplane's Thrust Management Computer while aboard a flight and successfully commanded the system he had accessed to issue the 'CLB' or climb command. This supposedly caused one of the airplane engines to climb resulting in a sideways movement of the plane.
Roberts has since refuted these claims saying they’re out of context and that the FBI basically condensed a lot of discussions, meetings and notes into a single paragraph. He passed on the opportunity to set the record straight, however.
Other in the security industry have expressed skepticism over Roberts’ and the FBI’s claims in the search warrant, noting that entertainment systems are "isolated from flight and navigation systems”, that it is very unlikely he got physical access to the SEB in several flights without other passengers alerting the flight crew, and that even if he did interfere with flight controls, pilots should have noticed it and an investigation would have ensued.
Just last week United Airlines launched a a bug bounty program that offers people free airline miles in exchange for information about security vulnerabilities. Curiously, the offer is limited to their website and apps, not bugs on onboard Wi-Fi, entertainment systems or avionics.