FBI docs: Banned hacker says he commandeered a plane
When Chris Roberts attempted to board a United flight from Colorado to San Francisco to speak at a major security conference there in April, the airline's corporate security stopped him at the gate.
Just days earlier, Roberts had been removed from a United flight by the FBI after landing in Syracuse, New York, and was questioned for four hours. His crime? He had jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts' laptop and other electronics, although his lawyer said at the time he hadn't seen a search warrant.
An airline spokesman confirmed at the time that the Tweets were the reason for Roberts' investigation, and added: "However, we are confident our flight control systems could not be accessed through techniques he described."
The FBI believes the spokesman's confidence is unfounded, however, as new court documents suggest feds investigating the case think Roberts has already hacked into a flight while on board, and commandeered it, according to multiple reports.
The expert online security researcher was interviewed in February and March by FBI officials, according to APTN, a Canadian news organization that obtained the court documents about Roberts' case.
During the interviews, "He stated that he successfully commanded the system he had accessed to issue the 'CLB' or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," said the affidavit, signed by F.B.I. agent Mike Hurley.
The documents say Roberts accesses the plane's controls via the in-flight entertainment system, his laptop, and an Ethernet cable.
APTN reports Roberts told the F.B.I. that he has discovered vulnerabilities in the in-flight entertainment systems of Boeing 737-800, 737-900 and 757-200 aircraft along with Airbus A-320s.
Wired magazine reports Roberts admitted to them as well as the FBI he has accessed "in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them."
For his part, Roberts has repeatedly claimed publicly he is not attempting anything malicious.
The Government Accountability Office has said that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks.
"Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," its report found.