Hacker explains to FBI how he steered airliner mid-flight

A computer security expert has revealed that he accessed aircraft control systems on up to 20 occasions, according to an FBI search warrant.

The founder of One World Labs, Chris Roberts, was detained for questioning and had his hardware confiscated in April by federal agents after exiting a United flight from Chicago to Syracuse, New York following a tweet suggesting he might attempt to hack into a flight’s entertainment system.

In a search warrant application, obtained by APTN National News, Roberts previously claimed to have told agents that during his research he used his skills and equipment to gain access to the aircraft control systems on as many as 20 occasions.

“During these conversations, Mr. Roberts stated … that he had exploited vulnerabilities with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the time period 2011 through 2014. He last exploited an IFE system during the middle of 2014,” FBI Special Agent Mark Hurley wrote in his application.

During at least one of these “test” flights, Roberts “stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight,” the document claims. “He stated that he successfully commanded the system he had accessed to issue the CLB or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane.”

The court document does not mention during which particular flights the interference with the aircraft controls took place.

According to the affidavit, Hurley met with Roberts in February and March to discuss IFE security vulnerabilities with regards to the Boeing 737 and 757, and Airbus A320 aircraft. It was during these interview sessions that Roberts revealed that his hacking into IFE that was produced by Panasonic and Thales.

When Roberts revealed his hacking abilities, Hurley writes that he had warned the programmer that accessing plane’s in-flight systems without authorization is a federal crime. Roberts, at the time said he understands and promised not to engage in such activity.

But after his April 15 tweet, the FBI apparently alleged the security expert could attempt to repeat success, and did go on to detain and question the man. The agents and technicians who inspected the aircraft which he flew to Chicago, before connecting to New York, allegedly found tampering on two electronic boxes next to Roberts’s seat. According to affidavit, one of the electronic boxes had been damaged.

“Technical specialists with the FBI believed that he may have just [hacked the plane’s system] again, or attempted to do so using the equipment then in his possession,” it said.

When the agents confiscated Roberts’ equipment in Syracuse – including a MacBook, an iPad, three hard drives and numerous removable USB flash drives – he denied hacking into any systems during the flight from Denver to Chicago.

“We believed that Roberts had the ability and the willingness to use the equipment … to access or attempt to access the IFE and possibly the flight control systems … and that it would endanger public safety to allow him to leave the Syracuse airport that evening with the equipment,” Hurley’s report states.

Roberts meanwhile told the Wired that the FBI has taken his remarks about hacking out of context of their comprehensive discussions with the agency.