A controversial security expert who was removed from a United Airlines flight in April now claims that he had previously taken control of an airplane while in flight. But these claims are being challenged by other researchers, as are his methods, which seem to be aimed more at self-promotion than public safety.
Chris Roberts, a security researcher at One World Labs, first told the Federal Bureau of Investigation (FBI) in February that he hacked the in-flight entertainment system on an airplane while in flight and was able to command the plane to climb and briefly change course. But when he started tweeting about his activities in April, he was finally detained. A related search warrant application that details his interactions with the FBI was recently made available publicly.
“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” the search warrant application explains. “He also stated that he … used … software to monitor traffic from the cockpit system … after comprising/exploiting or ‘hacking’ the airplane’s networks.”
Roberts told the FBI that he had hacked into the in-flight entertainment systems on Boeing 737 and 757 and Airbus A-320 aircraft “15 to 20 times.” His alleged motivation was to highlight the security issues in these systems “because he would like the vulnerabilities fixed.” But when nothing was done to address his complaints, Roberts started tweeting (posting to Twitter) that he could hack airplanes’ onboard systems while in flight.
In April, he made such a tweet while onboard a United Airlines flight between Denver and Chicago. But when his connecting flight landed in Syracuse, New York, Roberts was pulled off the plane by federal authorities, who took him into custody and seized a fairly voluminous collection of electronic devices, detailed at great length in the search warrant application.
According to that application, Roberts used Kali Linux to infiltrate the in-flight entertainment system after making a physical connection to the under-seat box using a modified Ethernet cable. He used VBox to create a virtual replication of the airplane’s internal network, he said, and used a virtual machine on his laptop to become part of that network.
Roberts’ in-flight hacks allegedly occurred in 2014. He was told by the FBI on two occasions in February that this activity was a violation of federal statutes and that he could be prosecuted. He told the FBI that he understood and would no longer do so, and he tweeted at that time that he had received “two very direct warnings to not mess with certain things.”
But on the April flight he alluded to his ability to engage the oxygen masks in the cabin, joking on Twitter that doing so would “land [him] in an orange jump suit rather quickly.” A later examination of the under-seat in-flight entertainment system box “showed signs of tampering,” the FBI warrant application notes.
“Roberts had the ability and the willingness to use the equipment then with him to access the [in-flight entertainment system] and possibly the flight control systems on any aircraft equipped with [that] system,” the warrant application explains, “and that it would endanger public safety to allow him to leave the Syracuse airport that evening with that equipment.” When Roberts was detained in Syracuse, he said he had not compromised the airplane’s network.
While Roberts’ motivations seem pure, his actions are harder to reconcile. In addition to supposedly commandeering the control systems on multiple planes, his Twitter account is full of off-base humor related to these activities. A screenshot joking about Apple’s Siri being used to “hack the plane” is just one of many such images that allude to his abilities. He also jokes about his shenanigans during public speaking gigs, and appears to enjoy being a news topic.
It’s also not clear if he’s telling the truth. While his story about controlling aircraft is compelling, when Roberts spoke to Wired previously, he said only that he had accessed “in-flight networks” and had only observed raw data traffic. And other security researchers are outraged that Roberts would draw such attention to himself by doing something so obviously dangerous to others.
“You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents,” Yahoo chief information security officer Alex Stamos tweeted of Roberts. “Scientists often struggle with the ethical boundaries around their research,” a follow-up tweet adds. “Security needs to learn from those who came before.”
Incredibly, Roberts has still not been charged.