A renowned computer security expert/hacker is alleged to have hacked into the guts of the flight control computer system on a United Airlines Boeing 737-800 through its television system and scrolled through a menu of vital aircraft functions. Details of the previously reported incident have emerged through asearch warrant application (PDF) filed by the FBI. It happened April 15 on a flight from Denver to Chicago, a couple of months after Chris Roberts told authorities that he could access the very heart of the aircraft’s control systems at will. He also told them that on one occasion he had taken over control of an engine in flight. Roberts was escorted from the United flight on April 15 and banned forever by the airline after he tweeted (unedited): “Find myself on a 737/800, lest (sic) see Box IFE-ICE SATCOM, ? Shall we start playing with EICAS messages? PASS OGYGEN ON’ Anyone ? :)”. EICAS stands for the Engine Indication and Crew Alerting System while PASS OXYGEN ON is the toggle for controlling the flow of oxygen to the emergency drop-down masks. But this time he was just browsing. According to the FBI warrant application he told them he had briefly made an airliner “fly sideways” in 2014 by issuing a CLMB (climb) command to one of the engines through the MacBook Pro he had hooked to the little box that runs the seatback screen. Using his laptop, he briefly applied asymmetrical thrust for an undoubtedly surprised flight crew. Roberts has tweeted that the FBI has incorrectly distilled his five-year quest to improve aircraft security in its warrant application and that there is “lots to untangle.”
According to the warrant application, in February, after hacking the fundamental computer-controlled functions of the aircraft with readily available hardware and software at least 15 times, Roberts contacted the FBI in what appeared to be a warning about the vulnerabilities he had discovered. What investigators did with that knowledge isn’t clear but they did give Roberts a stern talking to. They warned him that manipulating the flight control systems of an airliner through a laptop connected to the airplane’s entertainment system was a federal offense. After tweeting about his April flight, he discovered they were serious about that. After being marched off his follow-on flight from Chicago to Syracuse (no seatback TVs on that one) his computer, iPad and some thumb drives were seized. Roberts has apparently not been charged with anything so far but he did tweet some advice for the FBI. The warrant application says he tweeted that files on the laptop are encrypted and the thumb drives they seized have what he told them were “nasty” malware and virtual machines for taking over computer networks. They might want to take what he had to say to heart this time.