United States News
See other United States News Articles
Title: Hacker told F.B.I. he made plane fly sideways after cracking entertainment system
Source:
[None]
URL Source: http://aptn.ca/news/2015/05/15/hack ... cracking-entertainment-system/
Published: May 16, 2015
Author: Jorge Barrera
Post Date: 2015-05-16 22:00:30 by out damned spot
Keywords: Hacker, FBI, plane
Views: 2056
Comments: 8
A well-known U.S. hacker told F.B.I. agents he took momentary control of an airplane’s engines mid-flight by hacking into its inflight entertainment system, according to a document filed in U.S. federal court and obtained by APTN National News. Roberts, who has been interviewed at least three times by the F.B.I. this year, is under investigation for allegedly hacking into the electronic entertainment systems of airplanes, according to an application for a search warrant to probe seized electronic equipment. The document shows F.B.I. agents investigating Roberts believe he has the ability to do what he claims: take over flight control systems by hacking the inflight entertainment computer. Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court. Roberts is the founder of One World Labs and he is widely viewed as an expert on counter threat cyber security. F.B.I. agents obtained the search warrant on April 17 to probe a number of electronic items seized from Roberts after he arrived in Syracuse, NY, from Chicago on April 15. Roberts had posted a joke tweet earlier in the day while on a United Airlines flight between Denver and Chicago. The tweet referred to hacking into the airplane’s in-flight entertainment and passenger oxygen mask system. During two interviews with F.B.I. agents in February and March of this year, Roberts said he hacked the inflight entertainment systems of Boeing and Airbus aircraft, during flights, about 15 to 20 times between 2011 and 2014. In one instance, Roberts told the federal agents he hacked into an airplane’s thrust management computer and momentarily took control of an engine, according to an affidavit attached to the application for a search warrant. “He stated that he successfully commanded the system he had accessed to issue the ‘CLB’ or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” said the affidavit, signed by F.B.I. agent Mike Hurley. Roberts also told the agents he hacked into airplane networks and was able “to monitor traffic from the cockpit system.” According to the search warrant application, Roberts said he hacked into the systems by accessing the in-flight entertainment system using his laptop and an Ethernet cable. * F.B.I. agents let Roberts go after they seized his equipment and questioned him in Syracuse. The agents then tracked the Denver to Chicago airplane Roberts took before connecting to Syracuse. Roberts sat in seat A3 on the Chicago flight. The airplane was traced to Philadelphia and F.B.I. agents discovered the boxes in seats A2 and A3 showed evidence of tampering, according to the warrant application document. The document stated the box under A2 was “damaged” with the outer cover “open approximately” half and inch and “one of the retaining screws was not seated and was exposed.” Roberts was blocked from boarding a United Airlines flight he had booked to fly him out of Syracuse, Wired magazine has reported. The F.B.I. said it seized Roberts’ electronic equipment in the interest of public safety because they believe he has the ability to take control of airplane systems. “We believe Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the (inflight entertainment system) and possibly the flight control systems on any aircraft equipped with an (inflight entertainment system) and it would endanger the public safety to allow him to leave the Syracuse airport that evening with that equipment,” sates the warrant application. The items seized from Roberts include a black iPad with a “Death Wish Coffee Co.” sticker, a silver MacBook Pro with “multiple” stickers, three hard drives, six thumb drives and two USB cables. Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane’s Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking. Roberts told the F.B.I. that he has discovered vulnerabilities in the inflight entertainment systems of Boeing 737-800, 737-900 and 757-200 aircraft along with Airbus A-320s. Air Canada flies Airbus A-320 aircraft and WestJet flies Boeing 737-800 aircraft, according to the airlines’ websites. According to Wired, Roberts has been issuing warnings about vulnerabilities in inflight entertainment systems for years. jbarrera@aptn.ca @JorgeBarrera
Poster Comment: *Download (PDF, 819KB): No preview available
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: All (#0)
More on this from Wired and pdf works: “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application. (pdf) “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.” http://www.tedcruz.org
Its an interesting set of issues. If true, this man has exposed a major breach in our airplane security. Obviously if he can do it, and apparently it has been demonstrated that he can, then others can do it. Now, if he merely SAID he could do it, it could be (and WOULD be) denied by security "experts" all around the place. They'd ignore him as a crank. But if it can be done - and apparently it can be - the first we'd know about it would be some airplane being driven into a city somewhere…or an aircraft carrier... by terrorists or state actors. Nobody would listen to the soft warning of some guy, even if it were true. To prove the threat, he had to carry it out, to DO it. Now it CAN'T be denied. Now it's embarrassing, and a real threat has been exposed that never would have been exposed, probably, any other way, or that would have been acknowledged as possible but dismissed. So, by doing it, provably, but apparently harmlessly, he's done an incredible public service. Now it's known, public, proven, and the threat HAS to be addressed. He's also proven that he's a genius. However, what he did was illegal. Illegal and risky. He's a genius, but suppose he had been only partly successful in what he had done. Suppose he triggered something runaway and inadvertently brought down a plane. The authorities would be right in saying that, even if he probably saved people's lives by revealing this security problem, he also endangered people's lives, illegally, and had no right to do so. So, what do you do? I think the answer is that you offer him a job with the government, doing that sort of spooky work with the government's essentially unlimited budget. He has revealed himself to be a genius with a unique set of skills, indeed a national security asset, and he should be doing just precisely that with his skills. By doing so, he should be set for life - a steady, well paying job, with all of the benefits, guaranteed retirement, guaranteed job security, living where he likes (there are government labs everywhere). His economic worries will be gone, and he'll be using his genius at the highest level of security. That's good. But if he refuses to put his talent to that use, he's a loose cannon, a rogue hacker who has endangered lives of Americans in the air on many instances. He has the capacity to do it again and again, and more, unsupervised, it's all criminal. No charges should be pressed and he should be given a very cushy and interesting job, with job security, in national security, because he's obviously go the goods. But if he refuses, he should be in a jail cell without access to electronics, because he's a dangerous criminal.
He's also proven that he's a genius. At most, he's proven that a few models of poorly designed airliners have vulnerabilities due to the in-flight entertainment system having networked access to a few of the automated in-flight control systems. This is not a universal vulnerability of airliners. The vast majority of airliners have entertainment and broadband that are entirely separate systems from any flight control systems. We really don't know the extent of how easily these systems can be compromised or the number of aircraft that (may) have a vulnerability. It's too soon to draw broad conclusions about this case. If you look at techie sites, no one is defending this guy. He built a simulator to learn enough to hack these systems and he knew years back that he was meddling with flight controls. You should expect he will go to federal prison -- and not a Club Fed -- for a decade or more.
Well, he shouldn't go to a federal prison. He should first get an opportunity to work for our side. He has skills, rare ones, and we should harness people who can do that, not punish them for embarrassing our second-rate counters. You know that Robert Fulton built a prototype submarine for France and demonstrated a steamboat on the Seine at the beginning of Napoleon's rule. He offered Napoleon the opportunity to build ships that were not subject to wind and tides. Which means that with a fleet of them, the French could wait until bad weather, or calm weather, and steam past the English to Britain. Or other things. With steamboats Napoleon would have had a technology that could have defeated the British at sea. For unlike the Merrimack and Monitor, wherein both sides were working on the issue, and had an ironclad at the same time, the English, and the French, both, were not there. Fulton was. He'd figured it out and offered it to Napoleon. Napoleon had no time for it. He ridiculed the idea that a ship could move against wind and tides "by lighting a fire under her deck". So the man who actually probably COULD have handed France a decisive naval victory over England, and an invasion force that would have been able to get the British to London and end the war…was spurned. That was stupid. It was probably Napoleon's greatest technological error. If we've got a guy in our possession who came forward showing he is able to DO such a thing as he has demonstrated, you don't throw him into a prison out of spite. That's a waste of a resource. You USE him to your advantage. We hire assassins, and informants, and 'roid 'ragin' cops. We hired Werner Von Braun. Ignoring a guy who has spooky skills and persistence and who comes forward with a home-made hack that captures airplanes. We would be morons if we stood on some formality and didn't get that guy into our service.
It sounds like the caliber of witty ridicule one runs into around here.
His skills are not rare at all. You overestimate him greatly. He could have done something that crashed the computerized throttle controls, leading directly to a plane crash. Yes, he does deserve prison time. And Napoleon doesn't prove anything about hacking flight control systems on an airliner either way. The only question remaining is whether he gets more or less than 10 years in federal prison for this stunt. I don't see any geeks defending him on sites like Slashdot or Ars Technica. Nobody defends him. Well, except you. BTW, I read that half of the people at his small security company just got laid off. Backlash from his exploit. They're all radioactive to businesses now. The reputation of these former employees will also be suspect to some employers. Strangely, I just noticed the article is so poorly written that they never gave his full name, just "Roberts". I've been noticing this in more and more articles over the last few years. For instance, we had an article recently on a guy shot by cops on a noise complaint. He was armed, other details not written. But they named his father in full, just never identified him, even though obviously it was not due to next-of-kin notifications; his parents lived in the other side of his duplex and were at the scene. The hacker's name is Chris Roberts. United, meanwhile, has created a bug bounty program that offers people free airline miles in exchange for information about security vulnerabilities and bugs they discover. United explicitly notes, however, that the bounty does not apply to “bugs on onboard Wi-Fi, entertainment systems or avionics.”
A bit more on this area of cybersecurity. Chris Roberts is far from the only one who has issued warnings. But others did it the right way, not by hacking into a plane in flight and issuing orders to override the pilots' control of the engines. The Government Accountability Office (GAO) warned the U.S. Federal Aviation Administration that late model aircraft may be vulnerable to cyber attacks that could affect the operation of avionics systems needed to keep the plane airborne. In a report issued Tuesday (GAO-15-370), the GAO said that the FAA faces “challenges protecting aircraft avionics used to operate and guide aircraft” and that “significant security-control weaknesses remain that threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.” Among those: a lack of clear certification for aircraft airworthy readiness that encompasses cyber security protections. That lapse could allow planes to fly with remotely exploitable vulnerabilities that could affect aircraft controls and guidance systems. The GAO report did not provide details of any specific vulnerability affecting any specific aircraft. Rather, GAO cited FAA personnel and experts, saying that the possibility exists that “unauthorized individuals might access and compromise aircraft avionics systems,” in part by moving between Internet-connected in-flight entertainment systems and critical avionics systems in the aircraft cabin. “According to FAA and experts we spoke to, IP networking may allow an attacker to gain remote access to avionics systems and compromise them,” GAO said. The report is the most direct evidence to date that modern aircraft are providing so-called “air gapped” separation of avionics systems and in-flight systems used by passengers, and that remote cyber attacks against airborne planes—or attacks launched from within the passenger cabin – are possible. According to the GAO report, software based firewalls that separate avionics and in-flight entertainment systems can be “hacked like any other software and circumvented.” The report focuses on a number of aspects of the FAA’s approach to cyber security, noting that the agency lacks a coherent strategy to address cyber security weaknesses in both flight control and avionics systems. The agency spreads responsibility for cyber security across a number of departments and offices. Notably: the FAA’s Office of Safety (AVS) hasn’t developed assurances that cybersecurity is addressed as part of its certification, and is falling behind the rapid pace of technology development by airlines. Specifically: the FAA uses so-called Special Conditions rules, of limited scope, to address new technologies that rely on IP technology and that could pose cyber security risks. The Special Conditions rules give the manufacturers the ability to move ahead with the design of the aircraft with the additional features. As an example, the FAA issued Special Conditions to address the increased connectivity among aircraft cockpit and cabin systems for the Boeing 787 and Airbus A350, the GAO noted. Those rules provided “systems cybersecurity and computer network protection from unauthorized external and internal access,” Those rules could provide the foundation for new, uniform cyber security regulations, but the FAA has yet to issue such regulations. Security researchers have long warned that hackers could jump from in-flight entertainment systems in the passenger cabin to cockpit avionics systems if airlines did not take proper precautions, such as so-called “air gapping” the networks. At last year’s Black Hat Briefings, researcher Ruben Santamarta of IOActive demonstrated a method of hacking the satellite communications equipment on passenger jets through their WiFi and inflight entertainment systems.
Another cybersecurity guy's blog: "We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems," said Roberts, who discovered susceptibilities in the system passengers use to watch television at their seats and is sharing his findings with the federal government. "Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit." It was the same guy who previously claimed to CNN that he had accessed an alarming amount of information after plugging into SEBs without permission under passenger seats: "I could see the fuel rebalancing, thrust control system, flight management system, the state of controllers," he said. If a fellow passenger ever asked what he was doing, Roberts would simply say, "We're enhancing your experience by putting in new systems." Or maybe you remember when Roberts got himself into a spot of bother last month after making this "joke" tweet, after boarding a plane: Surprise surprise, the authorities didn't find that too funny, and Roberts was subsequently ejected from a flight because of it (before it took off, fortunately for him). I'd guess he's already on a lifetime no-fly ban.
#2. To: out damned spot (#0)
#3. To: Vicomte13 (#2)
So, by doing it, provably, but apparently harmlessly, he's done an incredible public service. Now it's known, public, proven, and the threat HAS to be addressed.
#4. To: TooConservative (#3)
#5. To: Vicomte13 (#4)
Napoleon had no time for it. He ridiculed the idea that a ship could move against wind and tides "by lighting a fire under her deck".
#6. To: Vicomte13 (#4)
(Edited)
Well, he shouldn't go to a federal prison. He should first get an opportunity to work for our side. He has skills, rare ones, and we should harness people who can do that, not punish them for embarrassing our second-rate counters.
Roberts also used a modified Ethernet cable to access the aircraft. That won't turn out well for him.
While the FBI has not yet completed its investigation, there’s already been one casualty: the company Roberts founded, One World Labs, failed to secure a round of funding and had to lay off twelve people, or half its staff, he said. That came about because the board decided the business was too risky, in part because of all the unwelcome attention Roberts has been getting.
#7. To: Vicomte13 (#4)
Hackers are working now on how to bridge control even to air-gapped computer networks.
#8. To: All (#6)
https://grahamcluley.com/wp-content/uploads/2015/05/fox-news.jpeg
You still want to get on a plane with the Precious Genius? I wouldn't. You might know Chris Roberts from an article Fox News published in March, saying he knew how to "take planes out of the sky" via flaws in in-flight entertainment systems: 
Top • Page Up • Full Thread • Page Down • Bottom/Latest
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]