A prominent hacker and security researcher who was kicked off a United Airlines flight last month had previously admitted to the FBI that he had taken control of a plane and made it fly sideways.

Chris Roberts told a special agent earlier this year that he had repeatedly hacked planes' in-flight entertainment systems while aboard the aircraft, a search warrant application by the FBI states.

Read more:
Grant Bradley: Airport security boss talks terror threat
Fears plane computers could be hacked

In one case, he also reportedly claimed to have overwritten the plane's Thrust Management Computer code, allowing him to issue a climb command and make the plane serve sideways.

Advertisement

Following the interviews with the FBI agent on February 13 and 23 and March 5 - and another in April - Roberts had two of his laptops confiscated, along with several hard drives and USB sticks.

However, the founder of security firm One World Labs was never charged in relation to his claims.

The shocking revelations come just a month after Roberts was detained by the FBI for tweeting that he might hack the onboard systems of the domestic United Airlines flight that he was traveling on.

He was subsequently questioned for four hours in Syracuse, New York, for jokingly telling his 5,000 Twitter followers that he could hack the airplane's system and make its oxygen masks deploy.

According to the newly-surfaced affidavit, Roberts had told the unnamed FBI agent that he had 'identified vulnerabilities' with a number of aircraft two months before the United Airlines incident,

These included the makes of plane, Boeing 737-800, 737-900, 757-200 and Airbus A-320, he said.

He informed the agent he had compromised IFE systems '15 to 20' times from 2011 to 2014 - each time, while aboard an aircraft that was equipped with video monitors installed on the back of seats.

Roberts 'connected to other systems on the airplane network after he exploited/gained access to, or "hacked" the IFE system,' states the affidavit, obtained first by APTN News and, later, by WIRED.

Advertisement

'He was able to exploit/gain access to, or "hack" the IFE system after he would get physical access to the IFE system through the Seat Electronic Box installed under the passenger seat on airplanes.'

He took off the SEBS' covers, under the seats in front of him, by 'wiggling and squeezing' the boxes.
'After removing the cover to the SEB... he would use a Cat6 ethernet cable with a modified connector to connect his laptop computer to the IFE system while in flight,' the affidavit states.

In one instance, after 'hacking' the IFE system and connecting to 'other systems on the airplane network', Roberts then apparently overwrote code on the plane's Thrust Management Computer.

'He stated that he successfully commanded the system he had accessed to issue the "CLB" or climb command,' the affidavit says. 'He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights.'

The document adds: 'He also stated that he used Vortex software after compromising/exploiting or "hacking" the airplane's networks. He used the software to monitor traffic from the cockpit system.'

Despite Roberts's claims, he was never charged with any crimes. During his interviews, the FBI agent told him 'accessing airplane networks without authorization is a violation of federal statute'.

Advertisement

The affidavit was filed by FBI Special Agent Mark Hurley last month. The claims included in the document are contradictory to those Roberts had previously made in an interview with WIRED.

In the former interview, Roberts apparently told the magazine that he had caused a plane to climb during a simulated test in a virtual environment - but had never done so while aboard a real flight.

The FBI search warrant application does not reveal exactly which flight Roberts claims he caused to fly sideways over the past four years. No airlines have come forward to confirm his allegations.

On Friday, Yahoo's Chief Information Security Officer, Alex Stamos, tweeted of the latest revelations concerning Roberts's alleged in-flight actions: 'You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents.'

Meanwhile, Jaime Blasco, security researcher and director of AlienVault Labs, said that he found the claims 'really hard to believe.' But he added that if they were true, 'he deserves going to jail'.

But Roberts told WIRED his discussion with the agent about controlling a plane had been taken out of context. He also took to Twitter to defend himself, writing: 'A lot of it's out of context I'm afraid.'

Advertisement

In relation to last month's United Airlines incident, which made global headlines, Roberts was removed from a United flight by the FBI, and questioned, after landing in Syracuse, New York.

Authorities later seized his laptop and other electronics. Several days later, Roberts attempted to board a flight from Colorado to San Francisco to speak at a major security conference there.

However, the security researcher - whose company, One World Labs, tries to discover security risks before they are exploited, was stopped by the airline's security at the gate.

At the time, Roberts's lawyer said United gave the researcher, from Colorado, no detailed explanation why he wasn't allowed on the plane, but would be sending him a letter stating why the firm wouldn't let him fly on its aircraft.

'Given Mr. Roberts' claims regarding manipulating aircraft systems, we've decided it's in the best interest of our customers and crew members that he not be allowed to fly United,' airline spokesman Rahsaan Johnson told The Associated Press last month.

'However, we are confident our flight control systems could not be accessed through techniques he described.'

Advertisement

When asked what threat Roberts posed if United's systems couldn't be compromised, Mr Johnson said: 'Mr Roberts has made comments about having tampered with aircraft equipment.'

He said these claims were 'a violation of United policy and something customers and crews shouldn't have to deal with.' He added that the airline had reached Roberts several hours before his flight to tell him that he couldn't fly.

But a lawyer for Roberts said on April 19 that when his client received that call, the caller would only say he or she was from United, and wouldn't give Roberts a name or callback number.

When Roberts then tried calling the number back from his phone's caller ID, it rang instead to a resort hotel, and Roberts assumed it was a prank call, Roberts' lawyer said.

In the weeks leading up to the incident, Roberts had given interviews in which he had discussed airline system vulnerabilities. 'Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit,' he told Fox News

Roberts also told CNN he had been able to connect to a box under his seat at least a dozen times to view data on the aircraft - something that relates to his claims detailed in the FBI search warrant.

Advertisement

'It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat,' said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts.

Last month, the Government Accountability Office warned in a report that some commercial aircraft in America may be vulnerable to hacking over their onboard wireless networks.

'Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems,' the report found.

Roberts, who lives in Colorado's Front Range region, took an alternate flight on Southwest Airlines and arrived in San Francisco after he was kicked off the United Airlines flight last month.

He later spoke at the RSA Conference about computer security vulnerabilities.

- Daily Mail

Advertisement