Richard Lawler of Engadget writing about how the security researcher recently pulled off a United flight due to claims of electronically tampering with the aircraft has now been accused by the FBI of actually controlling the plane mid-flight:
Remember the security researcher who was pulled from a United flight and had his equipment taken (before its frequent flier miles-paying bug hunt) for tweeting about hacking into the plane via its entertainment system? In an application for a search warrant, FBI agents said he previously told them he’s gone further than that. APTN National News obtained the document, which contains claims that Chris Roberts told them he connected his laptop to a plane via an Ethernet cable, hacked into a thrust management computer and briefly controlled one of the engines, causing the plane to change course. As reported previously by Wired, he has warned of vulnerabilities in planes for years — manufacturers deny they exist — and the conversations were apparently intended to get these problems fixed.
So if the FBI’s claim is correct, the aviation industry is going to look like a bunch of idiotic jackasses. If anyone can hack a commercial aircraft entertainment system and obtain control of the plane then not only is the industry screwed, so are those of us who fly.
Somehow I find myself unsurprised it’s this easy to hack an airplane. The way the aviation industry looks at computer security is much like the ICS/CIP industry – many people believe the measures we recommend be employed to be too costly and unnecessary because, you know, what are the chances someone will be able to pull off this type of trick?