The federal government says it isn’t possible and there is nothing to worry about, but the FBI is nevertheless attempting to punish someone for doing what they have said can’t be done: hack into the Wi-Fi of a commercial airliner in flight.
According to the Washington Free Beacon (WFB), federal law enforcement is publically downplaying a recent report that white hat hacker Chris Roberts, a security researcher with One World Labs, recently managed to penetrate the wireless fidelity connection of a commercial airliner while it was in flight. Officially, however, it appears that the FBI is taking the matter seriously enough to pursue a search warrant and potential criminal charges against Roberts.
Wired reports that after getting off a flight in Syracuse, New York, in February, Roberts told the FBI that “he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight.” In addition, Roberts told the FBI he “was able to issue a climb command and make the plane briefly change course,” according to a federal court document[PDF] filed in April.
Prior to Roberts’ incident, cyber experts had been warning that the Wi-Fi connections on commercial planes were vulnerable, providing a back door to terrorists and criminal hackers who might want to assume control over a flight while in the air from their seats.
Didn’t they say there was no danger?
One senior law enforcement official dismissed these repeated warnings by experts as unlikely, the WFB reported.
“While we will not comment on specific allegations, there is no credible information to suggest an airplane’s flight control system can be accessed or manipulated from its in flight entertainment system,” a senior law enforcement official who was not permitted to speak on the record told the news site recently. “Nevertheless, attempting to tamper with the flight control systems of aircraft is illegal and any such attempts will be taken seriously by law enforcement.”
John McAfee, a computer programmer and founder of McAfee, Inc., known for its anti-virus software, said in a recent interview with independent journalist Luke Rudkowski that Roberts managed to boost the thrust of the plane’s right engine only briefly. He said had the pilots known that the change had been made, they would have taken over the flight controls manually, which he says did not happen.
“There were no risks to anyone on board,” he said.
FBI Special Agent Mark Hurley is investigating Roberts. In his affidavit, he noted, “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.”
“He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system,” he continued.
Removing the threat should be a priority
If there is really no risk of hacking into a U.S. airliner, why the prosecution? Is it because it happened just like Roberts says? Is this a security flaw that the government doesn’t want the public to be aware of?
Rachel Ehrenfeld, founder and CEO of the American Center for Democracy and the Economic Warfare Institute, noted in December that terrorists could exploit these vulnerabilities, as reported by the WFB.
“A well trained martyr could hack into the plane’s computer system, take over all or part of the controls, commandeering its communication, or air system to shut down, etc.,” Ehrenfeld wrote during the 2014 holiday travel season.
In a follow-up interview with WFB in recent days, Ehrenfeld did not think the government’s cover-up strategy was a good idea.
“Downplaying [the threat] is not very smart. American air carriers are understandably trying to save money. But it shouldn’t come on the expense of passengers safety,” she said. “Moreover, security should govern air travel. Removing the threat of hacking into the cockpit is a priority.”