I don’t believe I’ve ever seen a plane fly sideways. It seems aerodynamically improbable. Hence, I tend to treat any account that involves a plane flying sideways with a certain amount of skepticism.
Press reports over the weekend said that according to the FBI, security researcher Chris Roberts had made an airliner climb and move sideways by hacking into the avionics via the in-flight entertainment system. The source for this was a search warrant obtained by the FBI which describes an earlier interview with Roberts:
He then connected to other systems on the airplane network after he exploited/gained access to, or “hacked” the IFE system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the “CLB” or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of theseflights [sic].
So, let’s give the FBI agent the benefit of the doubt. Maybe he was just trying to say that Roberts made the plane change course. Let’s see if that makes sense. Commercial airliners are some of the most closely monitored and carefully maintained machines on earth. Let’s say the passenger in seat 3A had turned up the thrust on one of the engines, and the plane had veered off course. That would have attracted attention. Air traffic control would have wanted to know what the pilot was doing, the pilot would have wanted to know what the engine was doing. There would have been all sorts of paperwork and a full investigation. If you’ve ever sat on the runway for four hours because of a faulty reading on an inconsequential instrument, you’ll know that aircraft mechanics are not the sort of people to shrug and say, “It works for me.”
There are no reports of that happening.
What we do know is that Roberts put together an aircraft emulator running the same systems as the airliner, so that he could practice hacking into that. It’s even mentioned in the search warrant:
Roberts said he used Kali Linux to perform penetration testing of the IFE system. He used the default IDs and passwords to compromise the IFE systems. He also said that he used VBox which is a virtualized environment to build his own version of the airplane network. The virtual environment would replicate airplane network, and that he used virtual machine’s [sic] on his laptop while compromising the airplane network.
That last sentence doesn’t make sense. Why would Roberts use his emulator, when he was connected to the real airplane’s network in flight? The emulator is something you use in the lab, to determine what attacks will work on the real thing. If the FBI agent was confused about that, I think it’s likely that he also confused Roberts’ comments on what he had done with the emulator with what he had done with systems in flight.
From the typos, it’s obvious that this search warrant was put together under time pressure. It’s likely that the research for it was done under time pressure as well, and that the FBI agent tasked with preparing it was handed several hours’ worth of transcripts or recordings of interviews with Roberts (or perhaps just someone else’s notes), and took a quote out of context. That’s far more likely than the possibility that an experienced security researcher would deliberately risk bricking an aircraft engine.
Roberts is probably under instructions from his lawyer not to say anything about this case, but he is quoted as saying, “That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about.” This is consistent with Roberts’ statement being about the emulator rather than a live airplane.
The search warrant and seizure of Roberts’ computer equipment were a response to a tweet he made about the possibility of hacking into the plane he was on and making the oxygen masks drop. This got a reaction from the airline’s security department and hence the FBI. The reaction would not have been anything like that unless both parties believed that Roberts’ joke was actually quite possible. In fact, just last month the Government Accountability Office warned that hacking into a plane’s avionics via the in-flight WiFi was a serious threat, and Roberts had been trying to warn the airlines and manufacturers about vulnerabilities like this for some time now. Apparently making jokes about vulnerabilities on Twitter is a more effective way of getting attention to a vulnerability than the ethical hacker disclosure protocol.
Some years ago the publication Computerworld published a full page picture of the planet Earth seen from the surface of the Moon with the caption: “If the aerospace industry had made as much progress as the computer industry in the past few decades, this would be the view from your office window.” These days the counter argument might be, if the aerospace industry paid as little attention to security as the computer industry, hijacking would be a daily event. It would be a shame if the fine safety record of commercial airlines were to be degraded because of cyber attacks. Let me try and put this in terms that an aeronautical engineer would understand: Having a Cat6 port under every seat that lets you hack the aircraft control systems is like having a hole in your wing. You really should patch it before you fly that plane again.