Chris Roberts of One World Labs and an in-flight entertainment system
A cybersecurity professional said he successfully hacked the navigation system controlling an aircraft he was flying on to prove a point American airlines weren't doing enough to protect their passengers against these potentially deadly attacks.
Chris Roberts, founder and chief technology officer of One World Labs, a security intelligence firm based in Boulder, Colorado that identifies risks before they're exploited, said he altered the course of one of the planes he flew in after hacking its in-flight entertainment system.
Roberts said he had accessed the in-flight entertainment systems on some 20 flights between 2011 and 2014. In a statement to the FBI, which is investigating his claims, Roberts said he caused one of the airplanes to climb resulting in a lateral or sideways movement of the plane during one of these flights.
Roberts said he was able to gain access to the access to the in-flight system after forcing open the electronics box under his seat before connecting his laptop via an Ethernet cable. By doing this, he was able to scan the network for security flaws and monitor communications from the cockpit.
In an interview with Fox News, Roberts said it definitely is possible for terrorists to remotely bring down a plane by hacking into its in-flight entertainment system or its Wi-Fi.
Roberts warned, however, this is "definitely difficult. It takes a lot of work. It takes a lot of research and you have to be on quite a number of lights to figure out the architecture of the different planes".
Roberts said there are two ways terrorists could use the in-flight system to control and destroy a plane. One method means terrorists or a terrorist would have to be physically be on the plane to seize control of it. This is basically a suicide mission for the terrorist aboard the plane.
The other method is more sophisticated and more terrifying. Roberts said it's theoretically possible terrorists could leave devices behind on a plane that allow them to remotely get into the plane's onboard wireless system.
He cautioned this method "is extraordinarily difficult to do" since terrorists would first have to understand how the plane's computer network operates and how avionics work for them to be able to communicate between those systems.
He said he has relayed his fears and information about these methods to the U.S. Federal Aviation Administration for years but has seen the FAA take no discernible action to counter this new theat.
"I would argue the FAA is not ready for it. No", he said.
Roberts' claims a plane's in-flight system can be hacked has long been proven to be theoretically sound. In 2014, cyber security expert Ruben Santamarta invented a hack that could access a plane's communications equipment through its in-flight entertainment and Wi-Fi. This could be used to control the plane's navigation system.
Santamarta said there's no guarantee hackers will be able to use the hack to access a plane in mid-flight but did so in a lab setting. His exploitation of these communications systems started with a password vulnerability.
Roberts has apparently proven Santamarta's theory to be possible.
