A top security expert who specializes in counter-threat intelligence was pulled off a United Airlines flight after the Federal Bureau of Investigation (FBI) feared he had hacked the plane.
Chris Roberts, a leading computer security expert was yanked off his plane upon landing in Syracuse, New York, on Wednesday night. Two FBI agents and two uniformed officers were stationed to welcome him when he arrived. What followed was 4 hours of interrogation and questioning by the FBI.
Here is the tweet that got him into trouble:
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? 🙂
— The Kilted One… (@Sidragon1) April 15, 2015
As it turned out, the FBI didn’t particularly find the above tweet funny and sprung into action. They seized his laptop, iPad, hard drives, as well as other computer gear. Here is Chris posting a picture of his seized goods later, on his Twitter page:
Bye bye electronics, all encrypted….and all now in custody/seized pic.twitter.com/a5o6rYTbZ0
— The Kilted One… (@Sidragon1) April 16, 2015
Eventually, it was clear that Roberts meant no harm with his tweet or indeed, had no intentions of hacking into his flight. FBI came to this conclusion a day and a half later.
This goes to show however that there is a potentially dangerous flaw in airplanes that if hacked, could lead to dire consequences. According to Roberts, who co-founded the cyber-security firm One World Labs, anyone can feasibly plug in a laptop to the box underneath his or her seat and access key controls on the plane such as engines, fuel control systems and cabin lighting.
The warning signs were there.
Roberts deduced that a hacker could theoretically take over a pilot’s controls, from the passenger seat. This is because every chair has a tiny computer and a screen which are plugged into the airplane’s CAN (Controller Area Network). If a plane’s security infrastructure isn’t designed the right way, it means that any passenger’s plane seat is ultimately connected to the pilot’s cockpit.
Equipped with the above information, he tested the theory himself – 15 to 20 times on actual flights. With his laptop, he was able to connect it to the box underneath his seat and view real-time sensitive information from the avionics systems.
“I could see the fuel rebalancing, thrust control system, flight management system, the state of controllers,” he said.
If a fellow passenger ever asked what he was doing, Roberts would simply say, “We’re enhancing your experience by putting in new systems.”
One World Labs said it repeatedly warned AirBus and Boeing in recent years about the danger in connected computer networks. Roberts said their response to him has been the same: “We’ll deal with it later. We don’t have time. We have other projects.”
Airbus and Boeing refused to comment on Roberts’ claims. One World Labs tried a different approach earlier this year when it disclosed these flaws to the FBI and a US Intelligence Agency. On meeting with the FBI during several occasions and he was told to never hook up his laptop to the plane again.
Roberts emphatically denies that he intended to do harm to any of the plane’s systems. But he does have to, in his line of work. When asked if he was too aggressive, Roberts replied: “Yeah. Do I occasionally nudge the rules? Damn right I do. If not, I wouldn’t do the research I do.”