According to the FBI, Chris Roberts, a security researcher with One World Labs, may have successfully intruded into the flight system of a passenger jet and did it while it was in flight. Roberts claims he’s done it, but he maintains that it’s only been done in a simulated environment.
This much is clear — the FBI took notice of and paid close attention to the work that Roberts was doing. He also claims to have used an in-flight entertainment network to gain access to the flight controls of the plane, where he was able to “watch packets,” for the fuel balancing and thrust control systems.
On April 15, he allegedly posted a Tweet before he was scheduled to fly that implied he would test his theories regarding taking control of a plane’s network to make it rise, albeit with a sarcastic smiley. The police and FBI took Roberts into custody and interrogated him, seizing his laptops, hard drives and USB drives.
In a story posted on Wired, Roberts claims to have been able to gain access to a plane’s network 15 times and did it through a network connection found in every row using factory default logins and passwords — but maintains he only observed the network operations of the plane.
Regardless of whether Roberts did or didn’t mean to test his theory in-flight, he may have uncovered serious vulnerabilities in the networked avionics of today’s modern passenger jets. What’s even worse is that these flaws are issues that any basic security expert could have pointed out immediately.
One of the theories regarding missing Malaysian Airlines flight 370 is that someone may have taken control of the plane through its network. It was actively explored in an episode of PBS’ Nova and described as “possible”.