HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » FBI: researcher admitted ...

Sat May 16, 2015, 05:11 PM

FBI: researcher admitted to hacking plane in-flight, causing it to “climb”

Source: Ars Technica

Chris Roberts "overwrote code" on Thrust Management Computer, according to affidavit.

A newly-published search warrant application shows that an aviation computer security researcher told the FBI that he briefly took control of at least one commercial airliner. The warrant, which was filed in a federal court in New York state, was first published Friday by APTN, a Canadian news site.

According to the affidavit for the warrant application, the researcher, Chris Roberts, told the FBI that he:

"connected to other systems on the airplane network after he exploited/gained access to, or "hacked" the (in-flight entertainment) system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or "hacking" the airplane’s networks. He used the software to monitor traffic from the cockpit system."

Roberts did not immediately respond to Ars’ request for comment, but he told Wired on Friday that this paragraph was taken out of context.

<snip>


Read more: http://arstechnica.com/security/2015/05/fbi-researcher-admitted-to-hacking-plane-in-flight-causing-it-to-climb/

35 replies, 4230 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 35 replies Author Time Post
Reply FBI: researcher admitted to hacking plane in-flight, causing it to “climb” (Original post)
bananas May 2015 OP
Chemisse May 2015 #1
PersonNumber503602 May 2015 #22
randome May 2015 #24
cosmicone May 2015 #2
rjsquirrel May 2015 #6
rickford66 May 2015 #7
bananas May 2015 #12
rickford66 May 2015 #17
certainot May 2015 #18
rickford66 May 2015 #19
Hassin Bin Sober May 2015 #27
rickford66 May 2015 #29
Hassin Bin Sober May 2015 #31
rickford66 May 2015 #32
Hassin Bin Sober May 2015 #33
rickford66 May 2015 #34
rickford66 May 2015 #30
DisgustipatedinCA May 2015 #28
jakeXT May 2015 #8
bananas May 2015 #14
Wilms May 2015 #15
billhicks76 May 2015 #16
Lodestar May 2015 #3
wildbilln864 May 2015 #26
rickford66 May 2015 #4
heaven05 May 2015 #5
LisaL May 2015 #23
LisaL May 2015 #9
jakeXT May 2015 #10
billhicks76 May 2015 #13
jtuck004 May 2015 #11
Jesus Malverde May 2015 #20
pugetres May 2015 #21
marble falls May 2015 #25
Blue_Tires May 2015 #35

Response to bananas (Original post)

Sat May 16, 2015, 05:15 PM

1. One wonders in what context these comments would have been okay.

Unless he said it right after, "I dreamed last night . . . ", then I can't think of any way this could look better for him.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chemisse (Reply #1)

Sat May 16, 2015, 10:36 PM

22. He could have led with "I would never do any of the following...."

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Chemisse (Reply #1)

Sun May 17, 2015, 08:33 AM

24. Both of you made me chuckle.

 


[hr][font color="blue"][center]No squirrels were harmed in the making of this post. Yet.[/center][/font][hr]

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 05:20 PM

2. The flight entertainment system is an add-on and not part of the aviation

 

The guy is clearly boasting and bragging about something that is impossible to do.

It is almost like someone saying, "I was on a White House tour and launched an ICBM"

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cosmicone (Reply #2)


Response to cosmicone (Reply #2)

Sat May 16, 2015, 05:26 PM

7. You got in before me. I type slow.

You are correct. This is a hoax of some kind. The flight computer is an isolated computer. I've had access to code of some in development. No way can they be accessed from outside.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #7)

Sat May 16, 2015, 06:43 PM

12. Apparently on some systems they aren't isolated.

There doesn't seem to be a question as to whether or not he could issue flight control commands, only whether or not he did.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Reply #12)

Sat May 16, 2015, 07:30 PM

17. I haven't worked on a Boeing aircraft system since right before the 777

If the Boeing 777 and beyond is able to be hacked, it's probably the only one. I've worked on many simulator avionics systems and they are all similar. Did Boeing design and build their own ? Possible, but I doubt it. Too costly even for them. The only connection I recall for any flight computer I worked on was through the data loader. It's a maintenance function only. I've worked on 727, 737, 757, 767, 747-400, DC8 DC9 MD11, A320, Falcons (10,50,90), EMB120, Dash 8, C17, C141, C130, CII, CIII, three different Gulfstreams, all the Lears, Hawker, A10, some helicopters and a bunch more over 35 years. I would appreciate anyone with knowledge of Boeing commercial systems to explain how a person can access the flight computer while sitting in coach, or first class even. I've been retired for a few years and am back to work temporary so I will be asking some of my buddies about this. I really have serious doubts.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #17)

Sat May 16, 2015, 07:37 PM

18. i remember reading there was a navcom system that one of the main US

manufacturers was trying to sell for commercial airlines and the german aviation minister rejected it for german planes because it could be remotely controlled.

that was something cheryl seal reported on maybe 20 years ago but i can't remember the details and don't know if that relates here.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to certainot (Reply #18)

Sat May 16, 2015, 08:03 PM

19. Don't know about it but ...

something like that could give false navigation information, but it wouldn't take over the flight computer. The aircraft at worst could be flown manually. Modern flight computers take in several different types of data, compares them and "votes" on which is most reliable. Taking control of an aircraft would involve somehow falsifying GPS, DME, VOR, and magnetic compass data as a start. Any awake crew member would certainly retake control. I doubt there's any way to modify INS (gyro) outputs. That alone could on its own be used to safely fly.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #19)

Sun May 17, 2015, 11:35 AM

27. I'm only a private pilot so I don't know about the sophisticated flight management systems.

But does the company do any pre-loading of the flight management system? If so, how?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hassin Bin Sober (Reply #27)

Sun May 17, 2015, 12:54 PM

29. from my experience

The airline maintenance consists of monthly updating the data bases. Flight crews either enter their flight plans as needed or can have them pre-loaded and saved. The avionics computers would need periodic updating and in the past were sent to the manufacturer. I don't know about today. As for this post about the hacker. I still have many doubts. I have worked on flight and engine control computers. Changing even one instruction involves intimate knowledge for the code. A hacker would first have to gain access to the code for that particular computer (ie revision level etc). They would have to have a patch ready to install all at once or the thing would halt. It would have to agree with the checksum for the particular load cycling. Since most computers have two or more channels, all of them would have to agree or the odd one would be disabled. Most of my work has been stimulating avionics on simulators but for a few years I did work on the real boxes and know how difficult it is to change code on firmware. These aren't like your PCs at home. There's no hard disc to access. The program is burned onto chips and the temporary data, flight plans etc, are in a flash type of memory and can be altered by the pilot or maintenance crew as needed. I don't know if I'm helping explain the obstacles, but I personally didn't like working on the real boxes because it was so restricting. It might take a whole shift to make a small change. Also, as a pilot, what are your thoughts to the hackers assertion that increasing the thrust on one engine cause the aircraft to climb? If as I assume they were on autopilot, the autopilot would adjust to try to keep the selected heading and altitude and the crew would certainly know there was a problem. They wouldn't need to wait for the hacker to tell the FBI. If this guy is correct, and I doubt it, he would have to be one of the people who has worked on the particular computer and load on that aircraft and has maybe somehow had code previously in the load that he could activate by setting a flag. But there's so many checks with this stuff, that would be one in a zillion chance. Sorry to ramble on but things keep popping into my gray matter from the past.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #29)

Sun May 17, 2015, 01:32 PM

31. My only experience with the the flight management systems is home simulation and youtube..

.... videos so I have only a CURSORY understanding how they operate.

The reason I asked is I've seen pilots talk about the company planning routes for the pilots and I was wondering if there was any other way those routes made it in to the FMC other than the paper we see the pilots unfolding in the cockpit.

I agree that any change in engine thrust (especially one engine) would be caught almost immediately unless the pilots are sleeping. And the AP would definitely compensate until alarm bells and whistles started to go off and/or the AP disconnected.

I might take a mosey over to airliner.net. It looks like they have a few threads on the issue.

Interesting subject and thanks for your insight!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hassin Bin Sober (Reply #31)

Sun May 17, 2015, 01:45 PM

32. The flight plans can certainly be downloaded in advance.

Many years ago an Air NZ tourist flight crashed in Antarctica due to a faulty flight plan that drove them into a mountain. The plane did what it was told. The pre-recorded plans are usually downloaded in advance for their regular airline routes. If you get any info on the hacker please post it for us.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #32)

Sun May 17, 2015, 02:01 PM

33. Ah yes. That crash must have been in the back of my mind.

I just re watched that story about the NZ crash a couple weeks ago. The company changed the route in the FMC.

So how do they do that? Do they physically enter the plane and key in the route?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hassin Bin Sober (Reply #33)

Sun May 17, 2015, 02:53 PM

34. From what I remember from the book.

The pilot keyed in the flight plan on some media (a floppy back then?) and downloaded it during preflight once in the cockpit. (of course he could have keyed it in while in the cockpit, but I don't think he did) He was accused of errors but was later vindicated because he used faulty data supplied to him. (an incorrect waypoint I think). The airline tried to cover this up but eventually got caught. I had wintered over in Antarctica in 1970 and this accident happened not long after (a couple years?) So since I had ties to both the ice and NZ and flight simulation this was very compelling reading for me. One of the things I remember about it was the Navy who ran McMurdo discouraged any non-military flights (private or commercial) and warned everyone they wouldn't co-operate with navigation info or problems. I know one private plane did come through with a lot of pre-planning and permissions. Somebody was circumnavigating the Earth over the poles. I think his plans ended at the South Pole due to mechanical problems. The Navy was busy enough with cargo and personnel flights to stop operations for unscheduled flights. The only place a non-skied equipped aircraft could land was the ice runway. tricky at best especially with no help from our traffic control. The tourist flights, as interesting as they probably were, were an accident waiting to happen. By the way, the NZ aircraft was in overcast conditions and never saw the mountain. Even on clear days I understood that it was hard to fly by visual flight rules.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hassin Bin Sober (Reply #27)

Sun May 17, 2015, 12:57 PM

30. I should add one more thing

If one gets access to the code on the box, all you'd see is ones and zeros. It's not like you'd see the actual source code. Good luck know which ones and zeros to change.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #17)

Sun May 17, 2015, 11:43 AM

28. I heard something about this on NPR a couple of weeks ago.

 

They were talking about some of the newer Airbus models (not sure which) and saying the flight controls could be compromised through the plane's wifi system. This had me yelling at my car radio. I don't know planes, but I do know networks, and permitting passenger wireless to get anywhere near the aircraft's flight control systems is insane. In the end, I couldn't decide whether this idiotic thing was actually done, or whether someone felt there was propaganda value in making us all afraid of such a possibility.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cosmicone (Reply #2)

Sat May 16, 2015, 05:28 PM

8. The federal register disagreed on the Boeing 777

Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access


These special conditions are issued for the Boeing Model 777-200, -300, and -300ER series airplanes. These airplanes, as modified by the Boeing Company, will have novel or unusual design features associated with the architecture and connectivity of the passenger service computer network systems to the airplane critical systems and data networks. This onboard network system will be composed of a network file server, a network extension device, and additional interfaces configured by customer option. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

https://www.federalregister.gov/articles/2013/11/18/2013-27343/special-conditions-boeing-model-777-200--300-and--300er-series-airplanes-aircraft-electronic-system

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jakeXT (Reply #8)

Sat May 16, 2015, 06:44 PM

14. Thanks for some facts. nt

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Reply #14)

Sat May 16, 2015, 06:59 PM

15. Here's some more...

 

Reply to this post

Back to top Alert abuse Link here Permalink



Response to bananas (Original post)

Sat May 16, 2015, 05:21 PM

3. Remote control technology has been available to gov for some time...

planes COULD be flown into buildings...if you get my drift.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Lodestar (Reply #3)

Sun May 17, 2015, 10:55 AM

26. yeppers! n/t

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 05:22 PM

4. I doubt this.

From my experience, the entertainment system is just like a DVD player. The only connection to the aircraft systems would be electrical power and a relay to turn it on and off etc. Maybe a current aircraft mechanic out there could comment.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to rickford66 (Reply #4)

Sat May 16, 2015, 05:25 PM

5. the entertaiment systems mean nothing

 

Last edited Sun May 17, 2015, 08:19 AM - Edit history (1)

compared with this jerk causing problems with the flight controls of a civilian aircraft. If true, wow!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to heaven05 (Reply #5)

Sun May 17, 2015, 12:10 AM

23. Apparently he also made the plane to fly sideways.

"A computer security expert hacked into a plane's in-flight entertainment system and made it briefly fly sideways by telling one of the engines to go into climb mode."

Presumably he could have caused it to crash, if he wanted to. That suggest a terrorist with a computer expertise could do just that.

http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 05:32 PM

9. Ever since Germanwings, people have been suggesting that ground control should be

able to take over the plane if needed.
But then how do you know who is working ground control?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LisaL (Reply #9)

Sat May 16, 2015, 05:47 PM

10. Did Bush deliver ?

We will invest in new technology for aircraft security, with grants to develop transponders that cannot be switched off from the cockpit; video monitors in the cockpit to alert pilots to trouble in the cabin -- (applause) -- and we will look at all kinds of technologies to make sure that our airlines are safe -- and for example, including technology to enable controllers to take over distressed aircraft and land it by remote control. (Applause.)

http://georgewbush-whitehouse.archives.gov/news/releases/2001/09/20010927-1.html

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LisaL (Reply #9)

Sat May 16, 2015, 06:43 PM

13. 911

 

911

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 06:03 PM

11. "InfoSec Professional Finds His Definition of Humor is Too Broad. Film at 11".

 



I seriously doubt his claim, but I'm glad they had a conversation with him.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 08:46 PM

20. Biggest question for me is, the flight control system connected to the inflight entertainment system

That's dumb and dangerous engineering design. I'd like to know more about the architecture of the system.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sat May 16, 2015, 09:21 PM

21. The Wired article has some good info if true.

 

It sounds like between 2010 and last year, Chris Roberts had talked to airline manufacturers and the FBI about the risk and got absolutely nowhere with either of them. The article made it sound like the tweet was a way to finally get folks to take things seriously - "In response to his tweet, someone else tweeted to him “…aaaaaand you’re in jail.

Roberts responded with, “There IS a distinct possibility that the course of action laid out above would land me in an orange suite [sic] rather quickly

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/?mbid=social_twitter

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Sun May 17, 2015, 10:02 AM

25. So what could possibly go wrong with driverless google cars?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to bananas (Original post)

Mon May 18, 2015, 03:34 PM

35. Roberts is bullshittin', plain and simple

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread