2015-05-19



Experts: Plane hack through infotainment box seems unlikely.

SAN FRANCISCO — Computer and aviation experts say it seems unlikely a Denver-based cyber-security researcher was able to compromise a jet’s controls via its in-flight entertainment system, making it bank briefly to one side. U.S. law enforcement officials have no credible evidence that commercial airplane cockpits have been hacked from passengers’ seats, contradicting a man who claims he did just that. The FBI is stepping up its investigation of a computer security expert who joked on Twitter about airplane security vulnerabilities, saying he may have previously taken control of a plane. Avionics security researcher Chris Roberts, who has previously published substantial research on airplane hacking, was questioned by FBI agents after a flight in April, and his computer equipment seized.


While most airplanes can’t be hacked because flight-control computers are separate from the connections passengers use, newer aircraft have more interconnections, the U.S. The claim was made by Chris Roberts, the founder of the cybersecurity firm One World Labs, who was escorted from a United Airlines flight last month after sending in-air tweets bragging that he could deploy the oxygen masks. The only thing that a hacker could do would be to prevent someone from watching movies, said Miller, who has tested the vulnerability of in-flight entertainment systems. Apparently, the FBI’s interest was not sparked solely by the tweet, but also by answers that Roberts had given during an interview in February, according to the Canadian news outlet APTN.


The allegation that Mr Roberts said he had affected the actual performance of the plane was made in an FBI affidavit applying for a warrant to search his computer, iPad and other electronic items that were confiscated by investigators after the tweeting incident. Security experts say they can’t imagine the airlines and FAA aren’t aware if Roberts was in fact able to illegally access planes’ control systems “15 to 20 times,” as he told FBI agents when he spoke with them earlier this year. “Pilots know what’s happening with their planes from the smallest maintenance issue up to anything serious,” said Rob Sadowski, director of marketing for RSA, the world’s largest computer security conference. Roberts has consistently maintained that he never actually took control of an airplane outside of computer simulations, though he did acknowledge accessing IFEs on at least 15 occasions to explore and observe data traffic as part of his research into potential vulnerabilities.

He stated that he thereby caused one of the aeroplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the affidavit said. “He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the aeroplane’s networks. Roberts is well known and respected in the security industry and speaks at multiple conferences on various security topics, including aircraft security, said Sadowski. Each time he’d pried open the cover of the electronics box located under passenger seats and would connect his laptop to the system with an ethernet cable. The official asked not to be named because an investigation is continuing into Roberts’s claims of tampering, which would be illegal under federal law. Roberts spoke at the most recent RSA conference in April. “As someone in the industry who looks at the design of systems like this, I would find it very hard to believe that these systems were not isolated,” he said.

Roberts was removed from the flight on the same day the US Government Accountability Office released a report warning that hackers could bring down a plane by using onboard Wi-Fi systems. “Connecting your laptop to an in-flight media system or anything on an actual plane with people on it is not the way to conduct security research,” Ken Westin, a security analyst from Tripwire told Fairfax. Alex Stamos, chief information security officer of Yahoo, tweeted: “You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents.” Roberts hadn’t responded to Fairfax’s request for comment on Sunday, however, he noted on Twitter on Friday that comments in the warrant application were taken “out of context”. “That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he told Wired. During questioning, Roberts bragged about his ability to hack into the seatback entertainment systems in order to access more sensitive avionics systems, according to an affidavit filed April 17 by Special Agent Mark Hurley.

Details of the warrant emerged as United Airlines launched a new program that will reward researchers with up to one million frequent flyer miles when they report to it new security flaws in its apps, websites and portals but not in-flight systems. We don’t even know what it means to make a plane “move sideways.” It’s important to note: the burden of proof for assertions in an affidavit to obtain a search warrant is quite low.

United’s program is a first for the airline industry but also follows a similar program recently launched by US money transfer giant Western Union with Australian-founded BugCrowd. The FBI had already seized Roberts’ computer and a series of flash drives that were encrypted, and it wanted the right to keep the equipment and examine it for evidence. BugCrowd’s founder Casey Ellis told Fairfax that Australian companies think that paying hackers for reporting bugs is a “crazy” idea from Silicon Valley.

On Sunday night, Qantas head of security Steve Jackson said the airline “complies with, and in many cases exceeds, all regulatory requirements and manufacturers’ recommendations when it comes to the safety and security of our fleet”. “Like everything we do, safety and security are our top priorities. There is a long history of hackers — or for that matter, anyone trying to call attention to a serious problem that’s not getting the attention it deserves — engaging in hyperbole or puffery. Boeing’s entertainment computers receive some data from other aircraft computers, but are isolated from critical aircraft electronics, the company said in a statement. Washington: Penn State University, which develops sensitive technology for the US Navy, said on Friday that Chinese hackers have been sifting through the computers of its engineering school for more than two years.

The FBI questioned him again on April 15 because he had sent a message via Twitter indicating he was on a United Continental Holdings Inc. plane, a Boeing 737-800, on a flight from Denver to Chicago. The hackers are so deeply embedded that the engineering college’s computer network will be taken offline for several days while investigators work to eject the intruders. “This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to professors and students. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.” The Federal Bureau of Investigation notified the university of the breach in November 2014, spawning a months-long investigation that eventually found two separate groups of hackers stealing data. US engineering schools – Massachusetts Institute of Technology, the California Institute of Technology, Berkeley, Carnegie Mellon, and Johns Hopkins – have been among the top targets of Chinese hacking and other intelligence operations for many years. The GAO issued a report to Congress just a few weeks ago ringing the alarm bell about increased interconnectivity of airplane avionics systems and the risks that poses. These forays have been for both commercial and defence purposes, and universities have struggled to secure their computers against these advanced attacks.

Let’s be clear: Roberts has been very public about his research, and he volunteered all this information to the FBI during discussions in February and March. In addition to online activities, the Chinese have sent legions of graduate students to US schools and have tried to recruit students, faculty members and others at both universities and government research facilities, several recent law-enforcement investigations show. “There is an active threat and it is against not just Penn State but against many different organisations across the world, including higher education institutions,” said Nick Bennett, a senior manager at Mandiant, a security division of FireEye Inc., which aided the university in the investigation. When he landed, the FBI says, agents found evidence that the in-flight entertainment computer (“seat electronic box”) located under his seat showed evidence of physical tampering.

Unless you are a security researcher, the bottom line for you, dear airline passenger: You need not be afraid that someone can hack the movie screen on the seat next to you and take control of the aircraft. If I were getting on an airline during the next week or so, I’d be pretty careful about stray cables hanging needlessly out of my carry-on bag; and I’d make sure I didn’t do anything that might look like I was trying to fiddle with the “seat electronic box” under your seat.
