Home > Identity Theft > FBI Calls Out Researcher Who Claimed He Hacked Airplane

Comments 0 Comments

Headlines during the weekend screamed that a hacker had taken control of a commercial airliner and been able to make it move “sideways” in flight. Avionics security researcher Chris Roberts, who has previously published substantial research on airplane hacking, was questioned by FBI agents after a flight in April, and his computer equipment seized. In part because Roberts was on his way to a security conference, the incident received a lot of media attention.

Over the weekend, an FBI affidavit surfaced in which an agent claimed Roberts said he had been able to hack airplane controls and make a plane fly “sideways” during a fight. The affidavit offered some detail about how Roberts allegedly tapped into an airplane’s in-flight entertainment system, and from there, escalated privileges until he was allegedly able to issue a command to one of the plane’s engines. That upped the ante on the incident and led to a lot of headlines about airline hacking.

There’s a lot to unpack about this story, but let me get out a few points quickly.

1. There is no evidence that a hacker altered the flight of a plane.

Instead, the FBI says a hacker told them he was able to briefly take control of a plane. These things are very, very different. What we have is a single sentence in an affidavit filed in support of a search warrant in which the FBI claims a well-known avionics security researcher named Chris Roberts claims he was able to issue a command to an airplane engine and make a plane move sideways. We don’t have the flight date or number; we don’t have any other evidence to support the assertion. We don’t even know what it means to make a plane “move sideways.” It’s important to note: the burden of proof for assertions in an affidavit to obtain a search warrant is quite low. The FBI had already seized Roberts’ computer and a series of flash drives that were encrypted, and it wanted the right to keep the equipment and examine it for evidence. An agent asking a judge to sign such an order will throw the whole kitchen sink into the affidavit.

2. This might be hacker-speak.

There is a long history of hackers — or for that matter, anyone trying to call attention to a serious problem that’s not getting the attention it deserves — engaging in hyperbole or puffery. If you read the FBI affidavit, you get the sense that Roberts’ conversation with the agents interviewing him might have gone something like this:  “Yes, I’ve managed to break into the in-flight entertainment system and from there, jump networks and eventually access avionics controls. Why don’t you folks listen? I’ve done it 15 or 20 times! Heck, I once issued a command to an engine! I’m not going to say I was flying the plane, but did I make the thing move sideways a bit? Well, I proved my point, anyway.” Roberts isn’t giving interviews, but before he stopped talking, he did tell Wired’s Kim Zetter that his comments to the FBI were taken out of context. 

“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said.

3. He’s not crazy, though.

The energy being used to investigate Roberts might be better used researching the attacks he’s calling attention to. The GAO issued a report to Congress just a few weeks ago ringing the alarm bell about increased interconnectivity of airplane avionics systems and the risks that poses. Let’s be clear: Roberts has been very public about his research, and he volunteered all this information to the FBI during discussions in February and March. He was stopped for questioning, and his computers seized, after a flight to a security conference in April. The timeline is important. The claim of moving a plane sideways (and what does that mean, anyway? Planes don’t go sideways), is months old, and references a flight that is perhaps much older than that. If he really altered the flight of a plane, there’d probably be other evidence of that by now.

4. Hacking an airplane full of people crosses the line, even with the best of intentions.

Back to the timeline. The FBI says Roberts spoke to them, shared all this information about his ability to hack airplanes, and then a month later tweeted about possibly hacking into an airplane before a flight in April to a security conference. When he landed, the FBI says, agents found evidence that the in-flight entertainment computer (“seat electronic box”) located under his seat showed evidence of physical tampering. If that’s true, Roberts better have a good lawyer. (He does: The Electronic Frontier Foundation is representing him now). Nobody I know would support that kind of research. But please remember: these are merely allegations made in an FBI affidavit. They aren’t even allegations made in an indictment.

Roberts told Zetter the tweets, which might have been an ill-advised poke at airline security, were a joke. And he had told Zetter in the past that he had only attacked avionics using a simulator. So let’s not jump to any conclusions.

Unless you are a security researcher, the bottom line for you, dear airline passenger: You need not be afraid that someone can hack the movie screen on the seat next to you and take control of the aircraft. That is, as Carl Sagan might have said, an extraordinary claim that requires extraordinary evidence, and we don’t even have basic evidence. So don’t worry about your flight today. Some day, there will be something to worry about. Is that 10 years in the future or next month? I cannot say.

What do you do have to worry about today? If I were getting on an airline during the next week or so, I’d be pretty careful about stray cables hanging needlessly out of my carry-on bag; and I’d make sure I didn’t do anything that might look like I was trying to fiddle with the “seat electronic box” under your seat. And I might worry about in-flight entertainment systems being disabled some day soon so FAA and airline researchers can examine Roberts’ research more carefully.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More on Identity Theft:

Image: Digital Vision

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Our Owners

Credit.com is owned by Progrexion Holdings Inc. which is the owner and administrator of a number of business related to credit and credit repair, including CreditRepair.com, and eFolks. In addition, Progrexion also provides services to Lexington Law Firm as a third party provider. Despite being owned by Progrexion, it is not the role of the Credit.com editorial team to advocate the use of the company’s other services. In articles, reporters may mention credit repair as an option, for example, but we’ll also be sure to note the various alternatives to that service. Furthermore, you may see ads for credit repair services on Credit.com, but the editorial team isn’t responsible for the creation or implementation of those ads, anymore than reporters for the New York Times or Washington Post are responsible for the ads on their sites.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team