Hacker says he made plane change course

19 May 2015

Chris Roberts’ mid-air ‘plane hack’ raises big questions around white hat ethics.

Washington: In a claim that could send chills down the spine of air travellers around the globe, a US-based security researcher has told the Federal Bureau of Investigation (FBI) that he was capable of hacking into in-flight systems and issuing commands that could cause a flying plane to move sideways.

An FBI agent’s claim that a hacker may have exploited weaknesses aboard more than a dozen commercial flights, including sending commands to a jet engine in midair, has sparked new worries over the safety and cybersecurity of the nation’s passenger planes. Roberts has lately found himself at the centre of controversy thanks to an off-the-cuff tweet about hacking a United Airlines flight’s computer system.

The man, named Chris Roberts, claims that he had hacked into the plane’s systems 20 times between 2011 and 2014 and once also managed to issue a climb command that resulted in a sideways movement. Chris Roberts, with the security intelligence firm One World Labs, got himself into hot water with the FBI and United Airlines last month for cracking a joke about hacking into the United airplane he was flying on. According to a CNN report, which cited an FBI document, Roberts “had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety”. The FBI investigation comes one month after more than 50 American Airlines flights were delayed due to a bug in a critical iPad flight-navigation app that pilots could fix only by nudging closer to an airport’s WiFi. Roberts was eventually yanked from the flight and detained by the FBI, who confiscated his computer equipment and questioned him about his knowledge of hacking planes through their inflight Wi-Fi or entertainment systems.

And it comes two months after the deadly crash of a Germanwings jet in the French Alps, caused by a copilot who locked the captain out of the cockpit and began the descent, killing all 150 people on board. Despite that tragedy and the cyber-scares, air travel has never been safer — 20 commercial flights crashed last year, making it one of the safest years in aviation history. Roberts also claimed that the thumb drives, which contained “nasty” malware, could be used to compromise computer networks, CNN reported, citing the FBI document. But a new wave of technology is raising questions about security for an industry that has long kept a tight grip on the information flowing among pilots, air-traffic controllers and top officials. Chris Roberts, who describes himself on Twitter as a researcher in “InfoSec stuff and actual/meaningful threat intelligence”, has defended himself, saying his main motive has been to improve aircraft security.

A security insider told Fairfax Media that Roberts was considered an “elder” at DEF CON – a global hacking and security conference regularly attended by law-enforcement agencies – as he had spoken there so often to share his expertise. “He’s a very respected figure in the media; he does a lot of talking about security to the betterment of us as a society,” the insider, who didn’t wish to be named, said. From there, according to the FBI, Roberts said he was able to change code on a plane’s internal computers and even command a plane to climb and fly sideways. In an interview with Wired after the court documents leaked to the public, Roberts said that the FBI took his words out of context about controlling the aircraft.

But other aviation and security experts said the claims of tapping into flight controls via a seat outlet stretched the imagination, because entertainment and crucial flight systems are often kept separate. Roberts did not respond to Fairfax Media’s request for comment; however, he told the Security Weekly video podcast earlier this month that despite repeated warnings, rather than fixing the problem, Boeing issued a report which described him and his associates as “potential threats”.

Hacking a plane’s engine controls through its entertainment system, they argue, is a bit like controlling a car’s steering wheel through its CD player. At least one law-enforcement official has (anonymously) suggested they don’t think it’s plausible, while security consultants Desmond Ross and Kevin Mitnick have called it “fantastical” and “bullshit”, respectively. In Boeing jets, entertainment systems are kept separate from flight and navigation, pilots have multiple navigational systems at their disposal, and the jet’s flight plan can’t change without pilot approval, Boeing spokesman Doug Alder said. “On every flight, there are multiple layers of security and procedures in place to protect passengers and crew,” said Victoria Day, a spokesperson for Airlines for America, the industry’s trade group. But the industry came under fire in a Government Accountability Office report last month, which said that in-flight WiFi networks on some Boeing and Airbus planes could allow an attacker to commandeer a flight.

Cockpit electronics connect to the same networks as the passenger cabin, and the firewalls that divide them can, as cybersecurity experts told the watchdog, “be hacked like any other software and circumvented.” Security experts such as Christopher Soghoian, who in 2006 built a tool exploiting an airline weakness by allowing people to print fake boarding passes, poked back at the industry itself, saying it had sacrificed security when it made features like the under-seat port, designed for entertainment systems, easily available to anyone. “In order to show video ads to passengers,” Soghoian tweeted, “airlines placed an easy to access ‘hack this plane’ data port under every seat.” Some of air travel’s biggest tech headaches have arisen from the same hazards troubling other industries. The catch is the program only applies to the airline’s public-facing website and apps – not to its internal staff networks, and definitely not to any computer equipment on an actual plane.

Air miles and loyalty programs have become easy targets for hackers, analysts said, because they often lack the security controls protecting credit cards, checking accounts and other forms of currency. Miller said a formal, on-the-ground penetration test, drawing on the expertise of aviation specialists was a better option than inviting white hats to tamper with passenger flights. But the industry’s tech problems have also challenged the basic safety measures of commercial flight, including last month, when dozens of American Airlines pilots were stranded on the runway after the iPad app that gives them their flight plans crashed. The airline had in 2013 turned to the app as an alternative to heavy bags of paper maps, saying the switch would allow for quicker updates, take weight off pilots and even save $1 million a year in fuel. But the glitch showed the risk of too much tablet dependence, especially because the airline didn’t carry backup paper terminal charts in its cockpits.

To counter technical problems, United Airlines this month launched the industry’s first “bug bounty,” offering free airline miles to hackers who alert the carrier to vulnerabilities in its Web site, app and reservations system. Years of bankruptcies and megamergers have left fewer airlines to compete over a growing traveler base, and some analysts have argued the air carriers have been slow to implement important upgrades. But some airlines are “starting to see that messy operations are very expensive,” said Seth Kaplan, a managing partner for trade publication Airline Weekly. “When you invest money wisely in tech, and not just a blank check, you get this virtuous cycle where you don’t have as many delays, you’re not losing as many bags” — and passengers feel more confident to step on the plane.
