FBI Probes Hacker's Claim He Took Over Plane's Engine Controls

May 19, 2015
Originally published on May 19, 2015 2:53 pm
Copyright 2015 NPR. To see more, visit http://www.npr.org/.



Ever since the 9/11 attacks, airlines and the federal government have been trying to make sure a terrorist can't attack or crash an airplane. They've hardened cockpit doors and tightened airport security. Now there's another frightening concern - a cyberattack where computer hackers take control of the plane. The FBI is, in fact, investigating a computer-security expert who claims that he did just that. Here to talk more about it is NPR technology reporter Aarti Shahni. Good morning.


MONTAGNE: Now, this man in question is named Chris Roberts. Did he do what he claims to have done?

SHAHANI: We don't know. The FBI is investigating and there's more than one incident to investigate. According to an FBI affidavit, Roberts said he'd hacked Boeing and Airbus planes like 15 or 20 times in the last few years. He allegedly popped off the cover to an electronic box, something that's below the passenger seat. It controls in-flight entertainment. He connected the box to his own laptop using an ethernet cable and then wiggled his way from the entertainment system to the navigation systems, so the affidavit says, and even monitored traffic from the cockpit - all this remotely, of course, from his seat. In one instance, Roberts allegedly got control of an airplane engine and caused the plane to move sideways.

MONTAGNE: All right. So those are his claims, and they sound terrifying, actually, if that all happened. Is it plausible?

SHAHANI: Well, law enforcement officials have told NPR there's no credible information suggesting that he in fact did this. And we talked to a bunch of private security researchers who say it's unlikely as well. One guy who was hired to test cybersecurity for a large airline pointed out that in-flight entertainment is typically segmented, cordoned off, from the control networks for motion, so unlikely there. Though, another guy did point out that we are talking about software here and software constantly has to be patched. And if a patch was ever not done, for example, there is some plausibility, some feasibility of breaking in.

MONTAGNE: Well, last month, federal auditors issued a pretty harsh report saying the FAA has to deal with what it called significant weaknesses in cybersecurity. What about the airlines? Are they concerned?

SHAHANI: It seems they're very concerned, but (unintelligible) behind closed doors. They don't want to talk publicly about their concerns, though one aviation analyst told us that right now, airlines are dealing with the problem of frequent-flyer programs getting breached.

MONTAGNE: Well, last week, United Airlines announced it's going to offer reward miles to some hackers. What's that about?

SHAHANI: Yeah, that's an interesting developing here. United actually called the FBI to deal with Roberts because as he was boarding one of their planes, he made this careless tweet about sabotaging their systems. And now the airline is offering to reward hackers for finding bugs in the company's website and mobile apps, and they'll pay in miles. Key detail - they're not asking hackers to look at in-flight entertainment or navigation while in the air, so key detail for flyers.

MONTAGNE: Aarti, thanks very much.

SHAHANI: Thank you.

MONTAGNE: That's NPR's Aarti Shahani in San Francisco. Transcript provided by NPR, Copyright NPR.