Cyber-Security Researcher Hacks and Controls Plane – Hero or Villain?

Chris Roberts

Chris Roberts – Hacker Who Admitted to Controlling an Airplane by hacking the in-flight entertainment network.


The next time you’re flying and the passenger next to you is on his computer, he/she may be enjoying the in-flight entertainment, or he may be piloting the aircraft. That is exactly what Chris Roberts, a renowned cyber-security expert, was allegedly able to accomplish by hacking the airplane’s network. These actions were reportedly disclosed by Roberts in an interview with the F.B.I. – APTN News initially discovered the details attached to a search warrant application that had been publicly filed by the F.B.I.

According to the report, Chris Roberts has hacked the in-flight entertainment network on airplanes between 15 and 20 times between 2011 and 2014. This instance marks the first documented instance of anyone being able to control the plane via the network. Roberts accomplished this by tapping into the airplane’s network by connecting an Ethernet cable to the electronic box under the passenger seat.  According to the affidavit:

He stated that he successfully commanded the system he had accessed to issue the ‘CLB’ or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,

Roberts has not been charged with a crime as of yet, however, he has been banned from United Airlines. This was the result of a previous incident. Roberts was stopped and searched by the TSA after he tweeted that he could take control of the aircraft’s systems and cause the oxygen masks to deploy. The TSA confiscated the electronic equipment which he had on his person: an iPad, Macbook Pro, 3 Hard-drives, 6 Thumb Drives, and 2 USB cables as reported by APTN. Roberts has since clarified that his tweet was not a display of intent, but a cry of frustration over the poor security measures instated in airplane networks.

However, it appears there is quite a bit more to the story than the documents allude to. Roberts has clarified that his statements were taken out of context and that the interview with the FBI encompassed a conversation that covered five years of history. Roberts had previously stated in an interview with Wired that he had never directly hacked and piloted an airplane in an actual flight situation, only within simulations.

However, the damage has been done. Many other security experts in the industry have scorned Roberts for his “security research” on airplanes with live passengers. As initially reported by Bustle, Yahoo’s Chief Information Security Officer spoke out about Robert’s actions on Twitter:

 

However, not everyone is pointing the finger at Roberts. Herbert Dixon, Washington D.C.’s superior court judge (also known as the technology judge) took to Twitter to pose the question as to whether the Airline should be investigated:

This poses an age-old question, “At what point do we hold organizations accountable for security vulnerabilities?” Considering that Roberts has been able to hack at least 15 aircraft networks over the course of 4 years undetected is disconcerting at best and does not bode well for airline security. While Robert’s actions of hacking live airplanes are irresponsible, the action identifies a serious flaw within Airline security. If this information were to get into the hands of a malicious terrorist, actions far more severe than spontaneous oxygen masks could unfold. Hopefully this will act as a trigger for Airlines to improve upon their in-flight cyber-security practices.

What are your thoughts? Did Roberts do us a favor by identifying a severe security flaw? Or were his actions irresponsible? Let us know in the comments below.

Ryan Egan

About the author

Ryan is a natural born technology enthusiast. He has a Bachelor's Degree in Information Technology and has been writing on the topic of technology for over 4 years. He also enjoys sitting in hot-tubs while watching movies on a gorgeous 80 inch flat-screen televisions.

3 comments on “Cyber-Security Researcher Hacks and Controls Plane – Hero or Villain?”

  1. Anonymous Reply

    I believe he should be punished for performing unsanctioned research with lives that could have been at stake. Just like any scientist who tried to perform “research” by giving out drugs to the unsuspecting public. This said, the findings of his “research” do make the airlines vulnerable and we do need to find another solution before something terrible truly happen.

  2. Anonymous Reply

    Companies frequently ignore known vulnerabilities, which the bad guys frequently know about, and frequently not resolved, until the vulnerability negatively impacts the company. White Hat hackers can, do, and have played an important role in bringing attention to these vulnerabilities. Bottom line – Roberts should be thanked and not thanked.

  3. Anonymous Reply

    Companies frequently ignore known vulnerabilities, which the bad guys frequently know about, and frequently are not resolved, until the vulnerability negatively impacts the company. White Hat hackers can, do, and have played an important role in bringing attention to these vulnerabilities. Bottom line – Roberts should be thanked and not punished. Oversight of the airline(s) failing to secure their infrastructure should be considered.

Leave a Reply

Your email address will not be published.

Google+