It begins...

http://www.usatoday.com/story/tech/2015/05/16/chris-roberts-fbi-plane-hack-one-world-labs/27448335/

Quote :

"SAN FRANCISCO — A computer security expert hacked into a plane's in-flight entertainment system and made it briefly fly sideways by telling one of the engines to go into climb mode. Chris Roberts of One World Labs in Denver was flying on the plane at the time it turned sideways, according to an FBI search warrant filed in April. The warrant was first publicized on Friday by APTN, a Canadian News Service. Roberts told the FBI he had hacked into planes "15 to 20 times," according to court documents first made public Friday. Roberts first made news in April when he was told he couldn't fly on United Airlines because of tweets he had made about whether he could hack into the flight's onboard computer settings. The FBI search warrant describes him doing just that. According to the document, in an interview on Feb. 13, 2015, Roberts told agents he had hacked into in-flight entertainment centers on Boeing 737s, 757s and Airbus A-320 aircraft "15 to 20 times." The warrant describes how Roberts would wiggle and squeeze the Seat Electronic Box under his seat, which connected to the plane's in-flight entertainment system, or IFE. He would then connect a cable to the box and connect it to his computer. From there, Roberts was able to hack into the plane's IFE system using default IDs and passwords. He overwrote computer code for the planes' thrust management computer, which he told agents allowed him to make the plane climb on his command. At least once, according to the document, he told one engine on a plane to climb, causing the plane to move sideways as it flew. Roberts also used software to monitor traffic from the cockpit, according to the search warrant request. Roberts is a well-known and respected expert on computer security. He told the FBI he was furnishing the information "because he would like the vulnerabilities fixed." APRIL 15 POSSIBLE TAMPERING FBI agents had spoken with Roberts several times, according to the document. They told him that accessing an airplane network without authorization was a violation of federal statues. Roberts told them he understood and that he would not hack into any more airplanes, according to the document. On April 15, Roberts flew United from Denver to Chicago. On the flight, he tweeted about the possibility of accessing the plane's In Flight Entertainment system. The FBI sent an agent to inspect the flight when it arrived in Philadelphia, where it had flown after Chicago. The agent inspected the Seat Electronic Box below seats 2A and 2B and found evidence of damage and tampering. Roberts flew from Chicago to Syracuse, N.Y. When he arrived, FBI agents took him into custody and seized as digital evidence his computer, hard drives and other gear he had with him. The search warrant application was for permission to search Roberts' computer gear. Roberts has not been charged with any crimes. Requests for comment from the FBI, United Airlines and Roberts' company produced no immediate response."

5/17/2015 1:31:58 AM

So he's a white hat looking to prevent potential terrorist attacks. It's obviously a crime to tamper with airplane devices, but I guess dude didn't see another way to have it secured unless he made a show of messing with it and got the issue some press.

5/17/2015 1:52:11 AM

why the hell are the networks for the tv and the engines linked ?

5/17/2015 11:28:00 AM

That was my thought as well.

5/17/2015 11:52:57 AM

why the hell are the networks for the tv and the engines linked ?

5/17/2015 11:58:44 AM

Project managers.

5/17/2015 12:19:16 PM

oh jesus christ

another reason for me to remain terrified of planes =3

I knew it wasn't a completely irrational fear :3333

5/17/2015 1:18:39 PM

Yeah working for the county our customer interface technology resides on a completely separate network from our infrastructure and operations device...

Sounds like a big bunch of stupid to me on the engineers side.

5/17/2015 8:31:19 PM

Yeah working for the county our customer interface technology resides on a completely separate network from our infrastructure and operations device...

Sounds like a big bunch of stupid to me on the engineers side.

5/17/2015 8:31:19 PM

the pilot downloads a virus while watching porn, and the plane crashes

5/17/2015 9:14:25 PM

why the hell are the networks for the tv and the engines linked ?

5/17/2015 9:16:45 PM

apparently someone decided that firewalling the IFE from the flight control network was good enough. and that default passwords were sufficient.


wired article goes in to a bit more depth:

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/


That said, I'm more a little bit skeptical of the claims that he made the plane fly sideways. That's not something that hundreds of passengers plus the flight crew wouldn't notice. Such an event would have been reported in the news when it happened, considering that more minor flight events are often reported.

At the end of the day, the bigger issue here is that the plane manufacturers should be raked over the coals on this. What's the FAA doing to improve the security of aviation networks?

5/18/2015 10:59:13 AM

Quote :

" apparently someone decided that firewalling the IFE from the flight control network was good enough. and that default passwords were sufficient."

LOLOLOLOL

5/18/2015 1:27:07 PM

I'm going to take this with a grain of salt.

5/18/2015 4:29:42 PM

well fuck, I'm not flying again.

5/18/2015 6:01:24 PM