Chris Roberts, of cyber security firm One World Labs Picture: FoxNEWS |
Julian Bray writes: Fox News are reporting - and its being picked up by TV and newspapers in Europe - that Chris Roberts, of cyber security firm One World Labs, claims he managed to hack into the plane’s computer systems through the electronic access box under his seat. Mr Roberts apparently made the claim in an FBI interview released in the USA .
Comments attributed to an FBI Agent Mike Hurley need to be treated with caution, for example: "He said he caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights." If this is true it would be a miracle, as engines don't climb but just go faster or slower. However flaps on the wings being manipulated would cause the aircraft to gain or lose altitude.
"He also stated (says Hurley), Roberts used software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system."
True there is in older fly-by-wire aircraft, an access box under seat positions for aircraft entertainment systems but these aircraft have multiple computer arrays and not all are linked. The seatback hospitality TV unit would be on its own subset.
The cyber security technician says he "exploited security [software] weaknesses to override computer control systems by connecting an ethernet cable to his laptop and connecting into the below seat access port using default passwords to access systems.
The FBI claims Mr Roberts hacked the entertainment systems on US flights more than a dozen times between 2011 and 2014.
.
This comes after he was removed from a United Airlines flight last month for tweeting he might hack into the plane and make the oxygen masks deploy. Although FBI have confiscated his kit they are said to have taken his claims seriously.
A closer examination of the FBI document however suggests Roberts might not have actually 'hacked' the aircraft or any aircraft but did so in a closed virtual replication environment;" "Roberts said he used Kali Linux to perform penetration testing of the IFE system. He used the default IDs and passwords to compromise the IFE systems. He also said that he used VBox which is a virtualized environment to build his own version of the airplane network. The virtual environment would replicate airplane network, and that he used virtual machine's on his laptop while compromising the airplane network...." A form of Pie in the Sky, perhaps?
Tellingly Mr Roberts has not been charged with any crime, but has gained worldwide 'free' publicity and possible aviation consultancy offers from aircraft manufacturers. If any of this is true then existing IT teams and layers of expensive computer consultants can expect their employment to be rapidly terminated... Control, Alt, Delete.
MEANWHILE:
JULIAN BRAY ++44(0)1733 345581, Journalist, Broadcaster, Aviation Security & Operations Expert, Travel / Cruise Industry, EQUITY, NUJ, Broadcast COOBE ISDN ++44 (0)1733 345020 (DUAL CODEC) SKYPE: JULIAN.BRAY.UK e&oe Cell: 07944 217476 or iPhone 0743 530 3145 #VENDOR 10476453 http://feeds.feedburner.com/BraysDuckhouseBlog
No comments:
Post a comment