The Security Ledger

FBI Affidavit Alleges Researcher Hacked Planes In Flight

An application for a search warrant filed in April by the FBI alleges that security researcher Chris Roberts tampered with the in-flight entertainment system on a flight from Denver to Chicago in April, a charge Roberts denies.

In-brief: Did security researcher Chris Roberts attempt to tamper with in-flight systems during a United Airlines flight from Denver to Chicago in April? An FBI affidavit says “yes,” Roberts says “no way.” 

An affidavit for a search warrant filed by the FBI last month alleges that security researcher Chris Roberts tampered with in-flight systems aboard a commercial flight from Denver to Chicago on April 15 and may have hacked into in-flight systems aboard that and other flights in the past. However, Roberts contests that claim.

As reported by the web site an affidavit filed on April 17th in U.S. District Court for the Northern District of New York claims that Roberts used specialized hardware and software to hack into a number of airplanes in flight, including an April United Airlines flight from Colorado to Syracuse. An application for a search warrant requested permission for the government to search an Apple Macbook, Apple iPad and other equipment seized in Syracuse on April 15.

However, Roberts maintains that he made no effort to hack into in-flight systems on the United flight and that the affidavit badly conflates his research on vulnerabilities in the systems that run on board commercial aircraft with actual tampering with in-flight systems.

As reported by The Security Ledger, Roberts (a.k.a. sidragon1), a leading researcher delving into the security of airplanes, was taken in for questioning by FBI agents in Syracuse on April 15, apparently over concerns that he attempted to hack into critical systems aboard a United flight earlier in the day. In an interview with The Security Ledger at the time, Roberts said that he was questioned by FBI agents and had his laptop and a variety of external storage devices confiscated by the FBI. At the time, the FBI agents questioning Roberts said they wanted to determine whether Roberts, an authority on security vulnerabilities in modern aircraft, may have accessed sensitive systems on a flight from Colorado to Chicago earlier in the day.

Their concern appeared to stem from a message posted by Roberts during a Colorado to Chicago leg of his flight, during which he tweeted about his ability to hack into in-cabin control systems on the Boeing 737.

“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”

In the application for a search warrant, FBI Special Agent Mark Hurley cites that Twitter message, as well as others, as attesting to Roberts' intent and ability to compromise in-flight systems. Hurley said an investigation of the plane Roberts flew on from Denver to Chicago on April 15 showed physical evidence of tampering with the Seat Electronic Box (SEB), a preferred method for gaining access to the in-flight entertainment network.

In requesting court approval to conduct a forensic analysis of Roberts' gear, Hurley suggests that the computer equipment and storage devices contain evidence that proves Roberts hacked into the in-flight systems aboard the United flight, or other flights.

Equipment seized from security researcher Chris Roberts by the FBI.

The basis for the FBI’s concern about Roberts is a series of interviews the FBI office in Colorado, where Roberts lives, conducted with him in February and March of this year. The FBI was interested in the substance of research that Roberts had conducted on vulnerabilities in in-flight systems between 2011 and 2014.

Citing those conversations, Hurley said Roberts claimed to have told FBI agents that he had been able to modify the thrust of an engine on a flight that he was on, causing the plane to move sideways.

Those interviews followed appearances by Roberts as an expert in a March 19 story by Fox News on the vulnerability of in-flight systems.

After approximately two hours of questioning in April, Roberts was released and allowed to return to Colorado, though without his computer equipment, which remained in FBI custody. He has flown since, speaking at the RSA Security Conference in San Francisco in late April.

In a conversation with Security Ledger shortly after his release from FBI custody, Roberts made clear that he had not tampered with any in-flight systems on his flight to Syracuse.

Roberts has been demonstrating vulnerabilities in the avionics systems used on modern airplanes for the past five years, warning that modern planes have converged critical systems and non-critical systems such as in-flight entertainment and wi-fi in ways that create serious security and safety risks.

He is one of a cadre of computer security experts looking at the security of avionics systems. Among them is Ruben Santamarta, a Principal Security Consultant for the firm IOActive, who demonstrated last year how satellite-based communications devices (SatCom) used to provide Internet access to planes in flight could be used to gain access to cockpit-based avionics equipment.

Another, Brad “RenderMan” Haines, has also demonstrated methods for moving from in-flight entertainment systems to critical control systems aboard planes.

Roberts said he had met with the Denver office of the FBI two months ago and was asked to back off from his research on avionics – a request he said he agreed to. Interest in his research was piqued both by the Fox News story and by a Government Accountability Report in April that warned about hacking threats to in-flight systems.
