Youtube / Femand XYZ
A security researcher by the name of Chris Roberts has been accused by the federal government of hacking into a plane computer system. This past weekend the FBI issued a search warrant application, detailing a few of the hacks he allegedly performed, Wired reports.
Though the researcher is now backtracking about what sort of in-flight hacking he performed, now you can see firsthand his previous boasts.
Uploaded in November of 2012, a YouTube video shows a presentation made by Roberts called "By Land, By Sea, By Air" for the GrrCON hacking conference. In it, the researcher talks about hacking methods aimed at various modes of transportation.
The description said, "This time we're going to release a few 'options' for DIY take-overs."
At around 19 minutes into the presentation Roberts turned his attention toward planes. He mentioned a flight he took earlier in the week. While flying on this plane, Roberts said he "made friends with the firewall." The researcher continued describing his uninvited in-flight network tour until he came upon a vulnerable open-sourced web server in the plane's network called an Apache Tomcat.
"It's not patched," he told the audience. "Have fun with it," he paused chuckling to himself, "carefully."
Roberts deemed all of this airplane hacking as "simple stuff."
After describing these vulnerabilities in the in-flight system, Roberts ended this section with a challenge:
I challenge you: Next time you're on the airplane that has go-go wireless, see how far through the firewall you can get. See if you can get to the ground-base communication that they use. See if you can get to the IntelliBus architecture. Please don't take the airplane out of the sky.
You can see this part of the YouTube video below.
And this video shows him calling to the hacking community to go even further, albeit "carefully."
While Robert's pseudo-boasts went unnoticed for years, he is now in hot water precisely for saying this sort of stuff.
The FBI, in its search warrant application, say that Roberts admitted to the authorities that he was able to hack into a plane and alter its movements. In fact, according to the authorities, he was once even able to make a plane go sideways using only code.
But many security researchers have called into question some of the allegations. Security Researcher Jonathan Zdziarski, for example, told Business Insider via email that Roberts' claims that he was able to take control of one single engine, causing the plane to go lopsided, simply "don't make sense." He added that he has no specific experience with aircraft control systems.
Zdziarski's best guess is that "Roberts probably hacked on some simulators, learned the flight computer protocols, perhaps even analyzed some plane schematics, and was perhaps seeking some venture capital which may have led to a few initial embellishments before he thought FBI would take his wise-cracks seriously."
Boeing's response to the FBI seems to validate what experts like Zdziarski say. The airplane manufacturer issued a swift statement, plainly claiming that the in-flight entertainment system (which Roberts claims he was able to hack) is completely separate from the flight and navigation systems.
Roberts, perhaps realizing the gravity of his earlier words, told Wired that the FBI claims are out of context. He wouldn't, however, get into much more detail.
This case remains one of the most bizarre public hacking sagas to date. While it's unclear whether or not he was able to actually control a plane's movements, he has been speaking publically about his ability to perform such hacks for years.