Remember Chris Roberts? He was the hacker who wasn’t allowed to board his plane last month, when he talked on his Twitter account about the (lack) of airplane security and joked about hacking into the electronic control system.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? 🙂
— Chris Roberts (@Sidragon1) April 15, 2015
It now turns out that while he might have been joking that one time, he actually hacked into IFE systems on aircrafts while in flight about 15 to 20 times, according to an FBI search warrant application filed in the U.S. District Court for the Northern District of New York. In the same warrant Roberts also claims that he was able to successfully command the system he accessed to issue the “CLB” (or climb) command. This caused one of the airplane engines to climb which resulted in a sideways movement of the plane during one of the flights.
He told WIRED: “That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about. It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.” And on his Twitter account he states:
Sorry it’s so generic, but there’s a whole 5 years of stuff that the affidavit incorrectly compressed into 1 paragraph….lots to untangle — Chris Roberts (@Sidragon1) May 17, 2015
Well, at least airlines seem to slowly wake up and confront reality now: United Airlines just started a bug bounty program that will award miles depending on the severity and impact of the reported bugs.