Security and aviation experts have cast doubt on claims that a cybersecurity consultant was able to change the course of a commercial aircraft mid-flight by hacking into its entertainment system.
News of One World Labs' Chris Roberts being escorted from a United Airlines flight on April 15 came to lightwhen several publications, including Wired, obtained the text of a search warrant filed by the FBI.
The warrant alleges Roberts exploited inflight entertainment (IFE) system vulnerabilities on smaller Boeing and Airbus aircraft "approximately 15 to 20 times during the time period 2011 through 2014."
Roberts is alleged to have broken into the under-seat electronic box for the entertainment system and using "a Cat6 Ethernet cable with a modified connector to connect his laptop computer to the inflight entertainment system while in flight."
"He then connected to other systems on the airplane network after he exploited/gained access to, or 'hacked' the IFE system," the FBI warrant claims.
"He stated that he then overwrote code on the airplane's Thrust Management Computer while aboard a flight.
"He stated that he successfully commanded the system he had accessed to issue the 'CLB' or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights".
It's this claim – that a researcher could change the course of an aircraft mid-flight – that is the source of most concern, and scepticism.
"I'm hoping that the claims laid out in the plane hacking warrant are as accurate as the median @BlackHatUSA proposal I've seen this week," Yahoo's chief information security officer Alex Stamos tweeted.
However, Stamos was hardly enamoured by the idea of having someone test the security of avionics systems on live commercial flights.
"You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents," he said.
Hacker turned security researcher – and recent visitor to Australian shores – Kevin Mitnick also cast doubt on the plausibility of the hack described in the search warrant.
"As far as this controversy about controlling aircraft from the entertainment system, I'll believe it when I see it otherwise I call bulls—t," Mitnick tweeted.
Peter Lemme, who chairs a committee overseeing satellite technology standards, told the Runaway Girl Network that "the claim that the Thrust Management System mode was changed without a command from the pilot through the mode control panel, or while coupled to the Flight Management System is inconceivable".
Plane manufacturers have also been quick to talk up the isolation of avionics systems from one another, although they have shied away from revealing much about the network architectures "for security reasons".
Think before you tweet
Though Roberts' alleged exploits had been known to the FBI for some time, it was a tweet – rather than another live test attempt – that caused authorities to swoop.
"Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone? :)," Roberts tweeted on April 15.
Roberts' tweet came after a report by the US Government Accountability Office that found the networks of modern planes were open to exploitation – something Roberts had been trying to raise awareness of for years.
According to Wired, the tweet was intended as a joke about Roberts' lack of success in getting airlines to take seriously the risk of an attacker gaining access to control systems, such as those responsible for the deployment of oxygen masks.
However, United Airlines' cyber security intelligence department didn't get the joke when it referred the tweet to the FBI.
Since then, it seems, many others are also struggling to find the humour.
"To take control of a plane mid-flight, and potentially perform an action against the best judgment of the humans in control of the cockpit, against the flight management system that constantly evaluates sensors and statistical models far faster than a human is able to react, is a benefit to no one," Lab Mouse Security founder Don A Bailey wrote on his blog.
He added: "Every topic we research, everything we hack, every joke we make on Twitter, now, more than ever, has a quantifiable cost.
"Think the next time you make a statement that could put those around you at tangible risk."
