Hacker destabilizes flight from his seat even after warning the airlines of vulnerability
When Chris Roberts made the plane he was in, climb and move sideways, by just operating from his seat; that got me wondering how far hackers can go.
First was a tweet; “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM,? Shall we start playing with EICAS messages? ‘PASS OXYGEN ON’ Anyone?,” From his account, threatening to deploy the oxygen masks during the journey that made him get banned from United Airlines flight. Then, Mr. Roberts would use the airline’s media system to its disadvantage through the In-Flight Entertainment (IFE).
The IFE systems were Thales and Panasonic systems with video monitors installed in the passenger seatbacks. He compromised the IFE systems approximately 15 to 20 times during the period 2011 through 2014. Each of this compromises occurred with IFE systems with the video monitors installed in the passenger seatbacks.
After removing the cover to the SEB that was installed under the passenger seat in front of him by wiggling and squeezing the box. Robert was able to gain access to the system using the Cat6 ethernet cable with a modified connector to connect his laptop computer to the IFE system while in flight. After gaining access to the IFE system, he overwrote code on the airplane’s Thrust Management Computer while aboard a flight.
The hacker then successfully commanded the system he had accessed to issue the ‘CLB’ or climb command. He then used Vortex software after compromising the airplanes networks, he used the software to monitor traffic from the cockpit system.
In a hack that sounds so easy to operate, the hacker said he used the default IDs and passwords to compromise the IFE systems. The VBox also assisted the hacker to use his own version of the airplane network making it even easier to penetrate the system.
Chris Roberts currently under intense investigation has caused a stir among security holes years after the infamous Rain Forest Puppy who back in the day provided information about security holes to fellow hackers.
Mr. Roberts has however done extensive research into the vulnerabilities of airplane networks and has spoken with Boeing and Airbus in the past about the vulnerabilities, but got little response from the airlines.
By the airplane company downplaying the reports by the hacker, it is be to blame for the continued hacks. The hacker also justified his sarcastic tweets as exasperation that his warnings had not been heeded by the airlines.
Robert has had his digital gadgets seized for further investigation for attempting to gain unauthorized access to the on-board networks of a commercial aircraft, which violates federal law.
The security researcher has however argued that his deed over the last five years has been in a quest to improve aircraft security.