Chris Roberts, a cybersecurity consultant, has told the US FBI that he has hacked into computer systems onboard aircraft in flight up to 20 times and had even managed to control an aircraft engine during a flight. Roberts was arrested by the FBI in April following a United Airlines flight to Syracuse, New York, when he had posted on Twitter that he was planning to hack into the aircraft he was currently traveling on.
Roberts, who is under investigation for possible computer crimes, told FBI that he had hacked into in-flight entertainment systems aboard aircraft 15 to 20 times from 2011 to 2014. During one hack he claims to have overwrote code to issue a climb, command, which resulted in the lateral movement of the plane during flights.
Roberts claims he can take advantage of vulnerabilities on three types of Boeing aircraft and one Airbus aircraft, while he claims to have hacked into in-flight entertainment systems made by Thales and Panasonic.
The FBI investigators believe that Roberts “had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment."
Boeing has stated that its entertainment systems are "isolated from flight and navigation systems” and that its aircraft have more than one navigational system available, which means no changes to the flight plans loaded into the airplane systems can take place without pilot review and approval"
Airbus has also stated in the past that its aircraft have appropriate firewalls in place to restrict access.
Airline Economics has reported on the risks of this sort of cybercrime in Issue 22 – read more by clicking herewww.airlineeconomics.co