A security researcher told the FBI in February he was able to commandeer a plane's control system mid-flight, according to a warrant application filed last month. The researcher, Chris Roberts, was banned from all United Airlines flights in April after tweeting a joke about exploiting flight control vulnerabilities while on a plane, Wired reports. After the plane landed in Syracuse, New York, FBI agents escorted Roberts off the flight and confiscated several of his electronics, including a MacBook Pro and several thumb drives. According to Wired, they told Roberts a warrant to search the devices was pending, and they filed a warrant application two days later. A Canadian media outlet published the application yesterday.
Roberts had previously met with the FBI in February of this year to discuss vulnerabilities with In Flight Entertainment (IFE) systems. He reportedly told agents that he was able to exploit these vulnerabilities 15 to 20 times from 2011 to 2014. Roberts claimed it was possible for him to gain physical access to the IFE system through the Seat Electronic Box (SEB) located under seats containing video monitors, according to the FBI affidavit. Roberts was able to connect his laptop to the IFE system, allowing him to overwrite code on the aircraft's Thrust Management Computer and issue flight commands from his seat.
The stories don't quite match up
Not unexpectedly, there are some discrepancies between the FBI's version of things and Roberts' own story. The warrant application suggests Roberts said he issued the CLB or "climb command" while on a flight, causing one of the engines to climb and "resulting in a lateral or sideways movement" of the aircraft. But Roberts told Wired that while he was able to hack into the IFE system, he never commandeered the flight. He says he has caused a plane to climb during flight, but only during a simulated test. On Twitter, Roberts claims much of the affidavit takes things he said out of context:
It's busy...and a LOT of its out of context I'm afraid https://t.co/mWvYzNpDRW— Chris Roberts (@Sidragon1) May 16, 2015
"I’m obviously concerned those [conversations] were held behind closed doors and apparently they’re no longer behind closed doors," Roberts told Wired.
When FBI agents searched the plane after the flight, they found SEBs under two of the aircraft's seats "showed signs of tampering," according to the warrant application. But when Wired asked Roberts if he had connected his laptop to the SEBs on that flight, he reportedly said, "Nope I did not. That I’m happy to say and I’ll stand from the top of the tallest tower and yell that one."
"We believed that Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the IFE and possibly the flight control systems on any aircraft equipped with an IFE system, and that it would endanger public safety," the affidavit reads.
Roberts helped found the company One World Labs, and told Wired yesterday that several investors had already withdrawn funding as a result of the incident. Roberts has not yet been charged with a crime.