FBI: Banned Security Researcher Admitted to Hacking Plane In-Flight !!

A security researcher who was pulled off a United Airlines flight last month had previously admitted to the Federal Bureau of Investigation (FBI) that he had taken control of an airplane and made it fly briefly sideways.


Chris Roberts, the founder of One World Labs, was recently detained and questioned, and had his equipment taken by federal agents, after he landed on a United flight from Chicago to Syracuse, New York, following his tweet suggesting he might hack into the plane's in-flight entertainment system.
In that particular tweet, Roberts joked: "Find me on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone? :)"
Federal agents responded to the tweet immediately and took it seriously, given Roberts' capabilities with such hacking tactics.

According to the FBI affidavit first made public Friday, and first obtained by APTN National News, Roberts told the FBI earlier this year that he had hacked into aircraft in-flight entertainment (IFE) systems while on board, not once but repeatedly.
"During these conversations, Mr. Roberts stated ... he had exploited [flaws] with IFE systems on aircraft while in flight. He compromised the IFE systems approximately 15 to 20 times during the period 2011 through 2014," FBI Special Agent Mark Hurley wrote in his application. "He last exploited an IFE system during the middle of 2014."

How did the researcher make this possible?


The documents claim that Roberts connected his laptop to the plane’s IFE system via a modified Ethernet cable, allowing him to access other airplane systems.

During at least one instance, Roberts reportedly claimed to have overwritten the code on the airplane's Thrust Management Computer while aboard a flight and successfully controlled the system to issue the climb command.
By issuing the ‘CLB’ or climb command, Roberts "caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane," according to the FBI warrant application.

No Systems were Harmed:


Roberts claimed via Twitter that no systems were harmed during the trip. Moreover, Roberts told Wired in an interview that the FBI had taken his remarks about hacking "out of context" from his discussions with the agency.

Roberts claimed that he had only watched data traffic on airplanes, and that he had only attempted the hack in a simulated environment because he believed that such attacks were possible.

"It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others," he said, declining to elaborate further.

Since this incident, United Airlines has launched a bug bounty program inviting security researchers and bug hunters to report vulnerabilities in its websites, apps and web portals.

Roberts has neither been arrested by the FBI nor charged with any crime.

Source: TheHackerNews
