A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight, according to federal court documents.
Chris Roberts was detained by the FBI in April following a United Airlines flight to Syracuse, New York, after officials saw Twitter posts he made discussing hacking into the plane he was traveling on.
An FBI search warrant application filed in the U.S. District Court for the Northern District of New York describes the investigation of Roberts for possible computer crimes.
During FBI interviews in February and March, the document says, Roberts told investigators he hacked into in-flight entertainment systems aboard aircraft. He claimed to have done so 15 to 20 times from 2011 to 2014.
He also said, according to the document, that once he had hacked into the systems and then overwrote code, enabling him to issue a “CLB,” or climb, command.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the document says.
Roberts said he knew of vulnerabilities aboard three types of Boeing aircraft and one Airbus model. He hacked into in-flight entertainment systems made by Thales and Panasonic, he told agents, according to the document.
Canada’s APTN first reported on the document.
Roberts has said on Twitter that he’s been advised not to say much, but he has tweeted that his only interest is “to improve aircraft security” and accused the FBI of “incorrectly” condensing five years of his research into one paragraph.
“Lots to untangle,” he tweeted.
Roberts did not immediately reply to CNN messages seeking a response, and in an interview with Wired magazine, he declined to say whether he had hacked the flight mentioned in the federal affidavit. In that article, he said a key paragraph was out of context.
“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”
The FBI document says the bureau’s agents and technical specialists “believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the in-flight entertainment systems and possibly the flight control systems on any aircraft equipped with an in-flight entertainment system, and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.”
Roberts said he used a modified Ethernet cable to connect his laptop to an electronic box underneath his seat that controls the entertainment system. From there, he hacked into the airplane’s computer nerve center, the document cites Roberts as telling the FBI.
On April 15, United Airlines told the FBI that Roberts had posted tweets about hacking into the plane he was traveling on and possibly activating the emergency passenger oxygen masks, the document says. At the time, Roberts was traveling on a United flight from Denver to Chicago, then connecting to Syracuse.
FBI agents tracked the aircraft that Roberts traveled on from Denver to Chicago and found signs of tampering and damage to electronic control boxes that connect to in-flight entertainment systems. The boxes tampered with were under the seat where Roberts sat and the one in front of his seat, the warrant application says.
Roberts told agents he didn’t hack into the systems aboard the Denver-to-Chicago flight.
The FBI search warrant said agents seized computer equipment, including a laptop and an iPad, as well as thumb and external drives.
The thumb drives contained “nasty” malware, Roberts said, that could be used to compromise computer networks, according to the FBI document.
One of the plane manufacturers has cast doubt on the hacking claims. Boeing said its entertainment systems are “isolated from flight and navigation systems.”
The company further said that it does not discuss its planes’ design features for security reasons, but said, “It is worth noting that Boeing airplanes have more than one navigational system available to pilots. No changes to the flight plans loaded into the airplane systems can take place without pilot review and approval. In addition, other systems, multiple security measures, and flight deck operating procedures help ensure safe and secure airplane operations.”
Airbus has not yet issued a response, but previously, it has said it has security measures, such as firewalls, that restrict access and the company “constantly assesses and revisits the system architecture” to make sure planes are safe.