Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Transportation Crime Security

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems 190

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.
This discussion has been archived. No new comments can be posted.

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems

Comments Filter:
  • by ganjadude ( 952775 ) on Saturday May 16, 2015 @06:05PM (#49707541) Homepage
    Somehow I doubt this actually happened. While I can believe that in theory it might be possible. I just dont see this guy, a security researcher from what I understand has a great reputation would have done this.

    More likely the government is trying to save face right now. and since the TSA cant seem to catch any real terrorists, might as well make an example out of someone instead.
    • by PRMan ( 959735 ) on Saturday May 16, 2015 @06:21PM (#49707625)
      He already said that this paragraph is taken out of context and that he didn't do it (on a real plane). Basically, he's saying the FBI is lying. Shouldn't be too surprising considering how many times they've lied to the courts recently, but hopefully a jury pays attention to all that.
      • by sjames ( 1099 ) on Saturday May 16, 2015 @06:41PM (#49707719) Homepage Journal

        Surely if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi (at least in that model plane)to be disabled. It seems like we have an id10t at the FBI who wants to notch his belt and hasn't considered the wider implications of his allegations.

        Consider if the FBI should prevail in court. Suddenly the FAA comes under fire and has to publicly denounce the verdict and the FBI to save itself. The flip side is that the FAA gets proactive and testifies that it can't happen and the FBI gets to sit in the hot seat.

        • by msauve ( 701917 ) on Saturday May 16, 2015 @07:43PM (#49707945)

          if he ACTUALLY did any such thing the FAA would have issued a notice requiring aircraft WiFi

          You obviously didn't read the search warrant.

          First, it states that in previous interviews (in Feb, and I'll bet the FBI has audio records to support that), he had described connecting to the network using Ethernet connected to a "Seat Electronic Box" ("SEB") which is mounted under the seats. So, WiFi has nothing to do with it. In the same interview, he said he understood the legal ramifications and would not access airplane networks.

          The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.

          That, along with his history and the tweet regarding being on the flight and suggesting he could tamper with the flight systems seems to me to be reasonable grounds for a warrant.

          And, I hope he's prosecuted. Also in the Feb. interview, he admitted actually tampering with flight control systems. It's one thing to find a vulnerability and try to get it addressed. It's quite another to actually make use of that vulnerability during a flight, placing the public at risk.

          • by sjames ( 1099 ) on Saturday May 16, 2015 @08:38PM (#49708207) Homepage Journal

            s/WiFi/SEB/g and it's the same issue. Surely you could have managed to work that out.

            How many of the OTHER SEBs showed the same signs, I wonder?

            • by garyisabusyguy ( 732330 ) on Saturday May 16, 2015 @09:09PM (#49708329)

              The network that he gained access to was the In Flight Entertainment System via default userids and passwords

              The primary order should have been for the airlines to set up routines to cycle the passwords
              We do not know if they did that because the only access that they claim he got at this point is to the box under his seat

              I think that more definitive proof would be that he managed to log into the system because there could be claims that the box under the seat was being moved around by luggage feet of passengers behind him

              None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

              • by Rich0 ( 548339 ) on Saturday May 16, 2015 @10:24PM (#49708617) Homepage

                Well, either he did manage to access the flight controls from the entertainment system, or he didn't.

                If he didn't, I don't think the FBI has much of a case.

                If he did, then the FAA should certainly be issuing an airworthiness directive banning any inflight entertainment system with a connection to the flight control systems. I don't think it is likely that they'd be satisfied with passwords. As far as the FAA is concerned video games on planes are optional, safe flight is not.

                The fact that the FAA hasn't gotten involved makes me skeptical of the FBI's claims. I have a lot of issues with how the FAA does things, but they usually take any kind of potential aircraft defect seriously.

                • by j-turkey ( 187775 ) on Sunday May 17, 2015 @01:32AM (#49709189) Homepage

                  Well, either he did manage to access the flight controls from the entertainment system, or he didn't.

                  If he didn't, I don't think the FBI has much of a case.

                  I don't think that this has anything to do with whether or not the FBI actually has a case. I suspect that this is the federal government sending a message to security researchers that airplanes are off-limits. It's the same reason for the TSA's billions of dollars of security theater - it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy. If average citizens believe that flight control systems can be hacked by a geek in his/her seat with a laptop, they will not feel safe, and may not fly.

                  I'm not much of a conspiracy theorist, and I'm not about to start now. However, given the fact that it seems other-worldly outlandish that a security researcher can gain control of any flight controls via the wi-fi entertainment system, I strongly suspect that this is the purpose of the FBI's heavy-handed tactics.

                  • by dcollins117 ( 1267462 ) on Sunday May 17, 2015 @04:02AM (#49709581)

                    ...it's not about safety, it's about making people feel like they are safe.

                    I'd feel safer if security professionals vetted the system, and verified that it was safe from hacking. Precisely what the FBI is actively working to prevent.

                    I do like the phrase "other-worldly outlandish" to describe the situation. It beats "hogwash", which was my first reaction. This is just a search warrant application, though, and I wonder what the FBI agent's culpability is for making, let's say, "less than truthful" statements in order to obtain a search warrant.

                  • by Dog-Cow ( 21281 )

                    Alleging that someone actually did hack the flight system is not going to promote safety. No one is going to fail safer because they caught the guy. They're going to worry about who is on their flight that won't get caught because he's going to fly the plane into a building first.

                  • by SumDog ( 466607 )

                    There is almost no outrage anymore to the rape-a-scanners. There are studies showing people who have high levels of CAT scans have an increase risk of cancer above baseline. There has never been an independent (non-TSA) study on the body scanners or milimeter-wave machines.

                    Fifteen years from now, are we going to see a significant increase of certain cancers for all frequent fliers?

                    • The extra radiation you get from the porno-scanners is much less than the extra radiation you get from flying in the upper atmosphere (reduces atmospheric blockage of solar radiation). Flying is a significant source of health risks already: hightened radiation levels, reduced circulation due to cramped seats, poor air quality due to reduced circulation.
                  • it's not about safety, it's about making people feel like they are safe. If average citizens do not feel safe flying, they won't fly and we won't have an airline industry. This would have a tremendous effect on our economy

                    What, we might to back to rail, like we should have done decades ago? Bring on the security researchers!

                  • by cusco ( 717999 )

                    I think you're giving the average citizen far too much credit. They see entire corporate IT systems taken over with dozen keystrokes on TV a dozen times a month, if you asked you might be surprised to find that an awful lot of people would immediately believe that an airplane could be taken over in flight the same way. The reason they don't worry about it is because they don't think about it, it never occurs to them. They never worried about box cutters being a hazard to everyone on a plane until after

                  • We should be pushing for high speed rail links anyway. You can't power a jet with solar energy, and at distances below a thousand miles there is no difference in total travel time.
                • by Hognoxious ( 631665 ) on Sunday May 17, 2015 @12:53PM (#49711673) Homepage Journal

                  For once, not xkcd.

                  https://www.flickr.com/photos/... [flickr.com]

              • by sjames ( 1099 ) on Saturday May 16, 2015 @10:27PM (#49708631) Homepage Journal

                That's more or less my point. Apparently the many who say it can't happen includes the FAA (otherwise, why no advisory). The FBI alleges that he actually did just that during the flight (even if not impossible, their story is a bit thin).

                More strangely, he as a future defendant is one of the few experts who believes it is even possible, but they can't exactly use him as an expert witness for the prosecution.

              • by tlhIngan ( 30335 ) <slashdot@wo[ ]net ['rf.' in gap]> on Sunday May 17, 2015 @03:21AM (#49709503)

                None of this addresses how he managed to hop from the entertainment system network to the flight system network, which many people have claimed are air gapped from each other

                Not quite air-gapped, bridged one way. Otherwise how do you think the flight page on the entertainment system gets its data form?

                The aircraft has two networks. The inflight system is Ethernet based, traditional IP and everything. Inflight WiFi is usually a separate network from this, maybe, which leads to its own satellite transponder and antenna array on the aircraft.

                The other network is the one all the avionics talk via. On modern aircraft, it's Ethernet-like. It's not quite ethernet, more slotted and with QoS guarantees and priorities. Basically it has real-time extensions added to it. They are not compatible with each other. It is NOT IP based at all, relying on proprietary protocols and addressing. There is a bridge device that allows data from the avionics network to be passed to the inflight network, but not the other way around. The bridge does not allow communications the other way because it lacks the ability to transmit on that network.

                On older planes, the network isn't Ethernet based at all, it's a completely proprietary protocol, and again, the bridge is one-way because they lack the ability to transmit.

                The easiest way for a passenger to take over the plane electronically is to get through the floor. The cabling for both networks usually runs close to each other.

                • Nitpick: it's not proprietary, it's just not used outside of aerospace environments.

                  Otherwise, you're exactly right.

          • FBI is lying (Score:4, Interesting)

            by Anonymous Coward on Saturday May 16, 2015 @09:32PM (#49708427)

            He said if he was an attacker he could "access the control computer, ... issue a climb command..." etc.. FBI has just taken those quotes out of context to justify its warrant.

            In this case he was dumb and was reporting what he thought was a vulnerability to the FBI, and explaining the possible attack scenarios, and the FBI have thought "great! finally we can justify our terrorism budget!" and arrested him.

            As to whether there is a cat5e ethernet port that connects to the flight computer under a passenger seat. Why would there be such a thing? The only network there is the inflight entertainment system and those systems have no physical route to the flight controls.

          • by Agripa ( 139780 )

            First, it states that in previous interviews (in Feb, and I'll bet the FBI has audio records to support that), he had described connecting to the network using Ethernet connected to a "Seat Electronic Box" ("SEB") which is mounted under the seats.

            FBI policy is to *not* to record interrogations and instead rely on the written notes and memories of the agents. If the agent misremember or wrote down the wrong thing, then it sucks to be you.

          • The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.

            Whats more they found his pubic hair on the SEB pcb, DNA matches.

          • The warrant goes on to state that the FBI inspected the SEBs around the seat he occupied on his 4/15 Denver to Chicago leg, and found signs of damage and tampering.

            So... during a 2 hour flight (30 minutes of which is spent climbing and descending) there wasn't one person or flight attendant who noticed the guy pushing the person next to him out of their seat to squeeze down in the pitiful space between coach seats to fiddle with the SEB? I'm sorry, I don't buy it. Doesn't matter how familiar you are with the hardware... in order to tamper with it to the extent that you can then plug your laptop into it you can't do that by touch, or quickly. Given all the paranoia abo

            • by msauve ( 701917 )
              He was in seat 3A, which is in 1st Class on a 737. He had previously claimed to have done it 15 to 20 times. And, of course, he's only under reasonable suspicion of tampering with it on that specific flight, which is why they sought a search warrant.
      • by wonkey_monkey ( 2592601 ) on Saturday May 16, 2015 @07:12PM (#49707823) Homepage

        he didn't do it (on a real plane).

        The "not on a real plane" bit comes from this paragraph of the article:

        Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.

        That was then. This is now.

        The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.

        • by lgw ( 121541 )

          My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.

          • My money is on the FBI flat-out lying. It's what cops do. But of course I'm speculating and haven't seen the evidence. If it gets to court, a jury will make the call, and if they find the FBI's actual evidence convincing, that's what matters. OTOH if the FBI drops the case then we'll know this was all BS.

            Indeed, lying is the main method that cops use to secure a confession. Especially in the context of an interrogation never believe anything that a cop or fed says, assume its a lie trying to trick you into revealing something.

          • My money is on the FBI flat-out lying.

            not this time, they even have hair evidence to prove it!

        • Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.

          That was then. This is now.

          The FBI says he admitted to - briefly - taking control of a plane .He's saying they've got that "out of context". The only context I can think of that makes it okay is if it was with the full knowledge and backing of the airline.

          Your quoted text says he took control of a virtual plane. That is not the same as taking control of a plane. Did you quote the wrong text, or does the quoted text contain your answer, making it spectacularly puzzling as to why you would ask the already-answered question?

          • What I'm pointing out is that him previously stating that he took control of a virtual plane does not rule out him subsequently taking control of a real plane, though it's not clear from the article just what period "previously" covers, and now I think about it it's vague enough to make little sense whichever way you take it.

            Still, his previous denial that he took control of an actual plane does seem to clash a little with his new stance of apparently quite carefully not denying that he took control of an a

      • He's the one that made the claims. He said he did it, and then went to the FBI to explain how he did it. Other than finding the tampered box lid, all the "evidence" is in his claims.

        I could knock a panel loose and then claim I hacked the in-flight entertainment system and made an airplane into a sperm whale and then a potted plant. That doesn't make it real, even if I showed them a box containing an infinite improbability drive. Funny thing about that, when most people see it, they see an empty box.

    • by rahvin112 ( 446269 ) on Saturday May 16, 2015 @06:56PM (#49707761)

      The FBI is notorious for taking statements out of context and using them against you, including charging you with lying when your out of context statement isn't correct. You should NEVER talk to the FBI without a lawyer and without a recording device running that records the entire conversation. The ironic thing is the FBI will actually refuse to interview you with a recording device running because they then can't use out of context statements against you.

      Never ever talk to the FBI unless it's in YOUR lawyers office with a recording device running. There are plenty of videos on youtube that explain how the FBI uses these conversations against people and why you should never talk to them.

      • by Anonymous Coward on Saturday May 16, 2015 @07:18PM (#49707849)

        The police CAN and WILL use anything you say against you, NEVER EVER EVER for your benefit or for you. People do not realize that. They are trained to use various tactics to extract information out of you, The rooms are uncomfortable, they are small, they leave you alone for long periods of time, they make promises that you can leave soon if... etc.. Please people, never talk to police, you get ZERO benefit from it. Really, ZERO. If you said he hit me 20 times and I hit him back, They will only use the part where you said you hit the person, it might not ever be on an official record anywhere either. They very selectively cherry pick small bits and pieces from your sessions. There is no context at all. They are not interested in finding the actual person who committed a specific crime, they are interested in find a person.

    • Wouldn't it be a simple matter to check the flight data recorder to see if the engine in question actually did what the FIB (intentionally written that way) said it did?
      • by Anonymous Coward on Saturday May 16, 2015 @08:00PM (#49708007)

        It turns out the plane did in fact climb, for 20-30 minutes, at the start of the flight.

      • Wouldn't it be a simple matter to check the flight data recorder to see if the engine in question actually did what the FIB (intentionally written that way) said it did?

        You might miss out on the opportunity to plead guilty to a crime you didn't commit in order to take a short cut through an otherwise long and expensive legal process. I believe this is called a 'plea bargain' where the US legal system accepts your blatant lie in exchange for improving their case closed statistics. Ie a corrupt practice.

      • Simple, but unnecessary. They found Flight 370 in his garage. This guy is in a lot of trouble.
      • I believe the data recorders are overwritten every flight. So unless they grabbed the black box at the time, too late.

    • "Somehow I doubt this actually happened. While I can believe that in theory it might be possible."

      Note this is not an indictment, it is a search warrant application.

      The FBI alleges that Chris Roberts claims to have committed a crime. That would be the probable cause for a search warrant for the investigation into whether he did in fact commit the crime that he claims. An alternative explanation for Roberts's claim is that he was just bullshiting the proles.

      Those crying that the lack of action thus far on th

    • It's not even possible in theory. There are several reasons for that.

      1. The routing of data is hardcoded into the switches and cannot be changed without physically accessing the switch. The routing table not only determines which devices may talk to which devices, but also the direction of the data flow. This means that a monitor device cannot talk to an engine because the monitor is configured only to receive data.

      2. But even if they managed to get the monitor device to send data, the switch would recogniz

      • by kbg ( 241421 )

        3. There are actually two networks, sending identical data for redundancy. Now guess what happens if one of the networks sends different data than the other? Right: The offending port / device gets shut down.

        If there are only two networks, how do you know which one is sending the wrong data?

        • Well, it's the one which passes all the checksums and error corrections. Plus, in case it's ambiguous, you can always shut down both ports in both networks.

    • The fucking "summary" is wrong.

      If you read the warrant application, the feds state the following:
      - He did try to access the IFE box, as evidenced by physical damage.
      - It is possible that he interfaced with the IFE systems and *possibly* other aircraft systems

      Nowhere did they say: "This guy accessed flight control systems."

    • No person in their right mind would link the entertainment network with the flight control system. It wouild be criminal negligence. Why risk a blue screen of death?
  • It's a PR campaign (Score:5, Insightful)

    by Mr. Freeman ( 933986 ) on Saturday May 16, 2015 @06:06PM (#49707543)
    No researcher would be so reckless as to actually screw with an airplane's engines mid-flight. The fact that the FBI alleges that he did means that they know damn well they have nothing to do on, but need to paint this guy as a terrorist in order to save themselves looking like idiots for arresting a guy based on a single twitter message.
    • by Gizan ( 3984275 )
      ^^^^^ what he said. And yes, I have nothing informative to add.
    • while i agree with you that this story sounds like bs, i despise this "always dealing with rational actors" argument

      people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks

      • people do insane things. all the time. if your argument depends upon how someone you don't know is perfectly sane and rational, your argument sucks

        I don't know. What Roberts did sounds pretty reasonable to me.

        Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.

        If you ask me, it's the FBI that sounds completely insane.

        And if your argument is that the FBI is perfectly sane and rational, your argument sucks.

    • by rubycodez ( 864176 ) on Saturday May 16, 2015 @06:17PM (#49707593)

      "No pilot would be so reckless as to crash a jumbo jet into a mountain." "No doctor would be so reckless as to implant an unpreserved long-dead black market donor organ into a patient"

      You are silly

  • by Anonymous Coward

    This guy might be a giant dick who tried to crash a plane, and if that's the case we should hold him accountable like any other person who endangers others.

    But isn't the real problem here that, if what the FBI describes is true (which I doubt), the FAA allowed -- and is still, today, allowing -- a plane to fly with a passenger entrainment system that can access flight controls? The power train CAN bus in my car has better isolation and security than that.

  • Can't be too safe (Score:5, Insightful)

    by Crayola ( 250908 ) on Saturday May 16, 2015 @06:16PM (#49707589) Homepage

    Of course, if it were possible to take control of a plane like this, the government would immediately ground all those planes until the security flaw could be fixed, right? Funny, haven't heard that they've done that.

  • by Anonymous Coward on Saturday May 16, 2015 @06:18PM (#49707597)

    Do not under any circumstance EVER talk to law enforcement. It's that simple stupid. I don't care if the cop threatens to tow your car and take your children. STFU. If they have something on you they will do it anyway and if they don't then they're trying to get you to say something for which they can arrest you. Nothing you say will ever help you in a court of law. Law enforcement are TRAINED TO LIE in order to get the responses they're after. "Sir- I'll need to ask you to step out of your car so I can search it". He's not ordering you to step out of your car. He's asking permission to search your car. If you comply he'll testify in court you gave permission for them to search your car. The exact phrasing will never be heard in court as the cop will just summarize it as "I asked for permission to search he responded yes". Had you STFU and only surrendered your name and address and if driving your ID, insurance, and registration you would never have ended up arrested. Yes- cops will "get angry" if you don't "cooperate". They will threaten to arrest you. However these are generally lies to get you to do what they want (allow a search, etc). If you don't "cooperate" they won't actually arrest you 99% of the time because they haven't got anything on you.

    • Yup, shut up. Nothing good can come from talking. I'm amazed to see how many prosecutions happen where if the person had just shut up they would have had no evidence.

  • rubbish (Score:4, Insightful)

    by Anonymous Coward on Saturday May 16, 2015 @06:21PM (#49707623)

    As I professional pilot can I say that while I have no insight into what may or may not actually have happened on this flight, the write-up in the article is utter bollocks from a flight dynamics perspective. If the case really rests on such a flimsy explanation of what happened than the FBI need some above from somebody who knows anything whatsoever about aircraft and flight dynamics.

  • Am I reading this right? This guy accessed the plane's avionics through the in-flight entertainment system?!? I don't believe it. There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?
    • Re: (Score:2, Interesting)

      i would not put it past any bean counter for cost cutting

      the entertainment and flight systems both use similar hardware

      and entertainment system built 5 to 10 years ago for the usage bandwidth of FIVE to TEN YEARS ago will fail left and right with today's demand

      so the entertainment system is a VERY soft target
      once in ????????

      • According to TFA, he didn't accomplish the hack via WiFi. The inflight entertainment screens have a wired connection, and he connected to them by plugging an ethernet cable into that system (supposedly accessible if you take the right cover off the right box under the seat).

        I wouldn't have thought that this system is connected to vital systems, but TFA notes that the seat-back satellite phones are connected to this same system, which seems reasonable.

        So, maybe it makes sense that everything is connected for

    • There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?

      There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.

      • by plover ( 150551 )

        There's no way that entertainment/wifi/anything-accessible-to-a-passenger could in anyway be connected to those critical systems...is there?

        There should be no tie between the control and entertainment networks. I would be surprised if there aren't regulations that forbid it. My guess is this simulated system was not like the real ones. It certainly isn't clear what really was done.

        If there is no tie between the entertainment and nav systems, then it becomes difficult to explain the seatback display of the current flight information. At some point the data has to move from one system to the other. That takes a lot more than "no tie".

        • Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.
          • by plover ( 150551 )

            Good point. I would not assume that flight information is from the nav and control systems. But it could be, in which case they could use one-way data isolation devices to eliminate the possibility of anything on the entertainment system negatively impacting navigation controls. That would technically be a "tie", but not one that could be exploited.

            Yes, they *could* have used some kind of special 'data diode' isolation device, but then the researcher probably wouldn't have been able to jump networks in the lab, or, as stated in TFA, "He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them".

            Car networks (CAN bus) have a similar weakness in that the infotainment systems have previously been breached, allowing attackers access to

            • You may be right, but unfortunately the guy is always vague on what and where he actually did anything, and seems to purposely conflate his simulator hacks with his real world ones. Seeing data that is passed one way from the primary flight control system is not the same as having control withing that system. I still would be surprised if primary controls were not isolated from generic data networks on the plane. There could be a plane data network that passed information to both, or between systems as well
    • (Replied to wrong comment above; reposting here.)

      According to TFA, he didn't accomplish the hack via WiFi. The inflight entertainment screens have a wired connection, and he connected to them by plugging an ethernet cable into that system (supposedly accessible if you take the right cover off the right box under the seat).

      I wouldn't have thought that this system is connected to vital systems, but TFA notes that the seat-back satellite phones are connected to this same system, which seems reasonable.

      So, mayb

    • Re: (Score:3, Informative)

      by Anonymous Coward

      I work in the industry and have a decent understanding of these systems as I write software for them. In-flight entertainment systems ARE wired to critical systems but typically through buses that do not allow bidirection communication. in-flight entertainment systems require input from critical systems so they can know the city pair for route based content as well as other aircaft data for driving the moving map among other things. (altitude, heading, ground speed, lat, lon, etc, etc.) This data is typ

  • The Wired and other headlines at Drudge Report and other places are false. The "Feds" did not say he tampered with anything. They only say that he said that he did. There is no evidence that he did what he said he did.

    It's ironic that he had just lost funding for his long-time project to try to prove that flight control systems could be tampered with . . .

  • FBI agents had spoken with Roberts several times, according to the document. They told him that accessing an airplane network without authorization was a violation of federal statues.

    Whew, I feel safer already! I'm sure this will prevent anybody from doing anything bad to the flight computer, ever! /sarcasm

  • Excel (Score:5, Funny)

    by bidule ( 173941 ) on Saturday May 16, 2015 @07:40PM (#49707939) Homepage

    Did he use Excel to land the aircraft?

  • by Anonymous Coward on Saturday May 16, 2015 @07:47PM (#49707961)

    It's sad when the FBI makes a statement and I automatically don't believe them.

  • I'm starting to think that Slashdot thinks that people who have no idea what the hell they're doing shouldn't be making airplanes, medical devices, Lexuses, and smart refrigerators.
  • by shellster_dude ( 1261444 ) on Saturday May 16, 2015 @08:40PM (#49708227)
    The FBI asks him to describe what he was able to accomplish in his theoretical lab. He does, they cut and paste it into the affidavit leaving out the part that it was in a simulated environment. You should never believe what's in an affidavit, it's designed to get a warrant, or get a DA to prosecute, not to be truthful.
  • The guy actually said he had never truly tampered with flight control systems EXCEPT in simulator settings. So, no, he never hacked into real planes.
  • LEAs are not rational actors. You will get fucked if you assume otherwise. Your hubris can and will be used against you.

  • The FBI has a track record that makes the Keystone Cops look competent by comparison.

  • What if.... (Score:4, Insightful)

    by rew ( 6140 ) <r.e.wolff@BitWizard.nl> on Sunday May 17, 2015 @02:20AM (#49709317) Homepage

    What if the protection on planes is so bad that a passenger can use the inflight entertainment system to gain virtual access to the controls of the plane?

    Suppose you are a security researcher and find this out. What do you do? Tell boeing! They... do nothing. Tell the airline! They.... do nothing.

    It all starts with a belief issue. You hack into the entertainment system, compromise the firewall and see plane-control messages flying around on the network you now have gained access to. This is enough for a sufficiently technical person to be convinced of having gotten too far for comfort. At that point you know you are only one step away from taking control of the airplane.

    Tell anybody less technical about it and they will not be convinced that you'd be able to move the plane. For example, today with this news today someone already voiced: "he might only THINK he moved the plane" (... while in fact the pilots initiated that maneuver).

    So... to prove to the world that there indeed is a dangerous situation, you need to actually make the plane move.

    And this is where everybody gets their panties in a knot. Suddenly the guy who reports that the planes are not secure enough is the bad guy and needs to be thrown in jail.

    Examples of people reporting security problems and being ignored include: On a saturday night two men walking their dogs notice that the bank has left a window open. A person can just climb into.. the bank! So monday morning they walk into the bank, tell them about it, bank says thank you and... nothing happens. Next weekend, window is again left open. So they tell the bank again. And again. After a few times, to prove the point, they decide to climb in, and photograph what access they have once inside the bank. They got into a lot of trouble for that. But since then, the window has been closed.

    Personally I have reported security problems in computers without going that extra mile of "making the plane move". In one instance I've reported such a misconfiguration to over 100 system administrators. Two hours later, saturday afternoon, the first response: "Thanks, fixed". Come monday morning, one response: "we know, not a security issue, get lost.". And all others were "no response". A year later more than 50% of the computers where I reported the configuration error were still vulnerable.

    With laws being written in such a way that the "white hats" (*) can be thrown in jail, we create an environment where the white hats are either ignored or thrown in jail. Before you know it, the "white hats" are too afraid to report anything and stop reporting real problems. In that situation, you only find out the problems when a bad guy ends up crashing a plane.

    Boeing: invite the guy over to show you the problem. Once that hole has been closed, invite him over, pay his hotel an meals for a week while he hacks at a "fixed" plane on the ground at your facilities. Credit him for making aviation safer.

    (Do this, before someone makes it stick that: "Boeing created this system with such bad security that it put passengers at risk.").

    (*) the researchers that report the problems they find without causing real harm,

    • What do you do if you find a vulnerability in an aircraft? Unless you work for Boeing, if you don't want to go to jail, my advice would be to STFU. This is a case of no good deed will go unpunished.

    • by voss ( 52565 )

      Thats not what he did, instead he was bragging in public about he could he could hack a plane and alter engine control messages posting tweets such as "pass oxygen on" and he was getting on a plane again...If I were an fbi agent id pull him off the flight myself. Now after the fact cooler heads should have prevailed and im sure the FBI and Boeing ought to be willing to listen to him.. On the other hand If he had done what you had said I would be completely sympathetic.

With your bare hands?!?

Working...