When security researcher Chris Roberts was removed from a United flight last month after tweeting a joke about hacking the plane’s inflight entertainment system, the security community was aghast at the FBI’s over-reaction and United’s decision to ban him from a subsequent flight.
But with publication of an FBI affidavit this month asserting that Roberts admitted to hacking a plane inflight, causing it to veer slightly off course, reaction in the community swiftly shifted. Wrath that had been directed at the FBI was now directed at Roberts.
How could a professional security researcher put passengers at risk by doing a live and unauthorized pen-test of a plane’s network while in the air?
Equal to the clamor over the alleged actions, however, was that over the veracity of the claim. Many insisted that either the FBI had misunderstood Roberts, or the researcher had spun them a tall tale. Boeing and independent aviation experts asserted that what the FBI affidavit described was technically impossible.
“While these systems receive [plane] position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions,” Boeing said in a statement.
The statement seemed a contradiction in terms, though. Were the avionics and infotainment networks connected by communication links or were they isolated? And if connected, how could Boeing be certain a hacker couldn’t leap from the entertainment system to the avionics system and manipulate controls? After all, a report released last month by the Government Accountability Office raised this very concern, as did an FAA document issued to Boeing in 2008.
Read more at WIRED