Ehrenfeld on Hacking into Airplanes Controls*
By Adam Kredo @ Washington Free Beacon*
Tuesday, May 19th, 2015 @ 12:35AM
Adam Kredo’s “Cyber Experts: FBI Ignoring Hack Threats to Airplane Wi-Fi. Law enforcement still sees no credible threat,” appeared today in the Washington Free Beacon:
“Law enforcement officials are downplaying reports that a U.S. hacker infiltrated a commercial airliner Wi-Fi network mid-flight and assumed control of the craft’s controls, according to one source who spoke to the Washington Free Beacon.
The FBI is currently investigating U.S. hacker Chris Roberts, who claims he illicitly seized a commercial airline’s flight controls by hacking into it via the in-flight entertainment system, according to a recent affidavit filed by the FBI in federal court.
Cyber experts have warned that the Wi-Fi on commercial flights provides a back door to would-be terrorists and other hackers seeking to assume control of a flight while in the air from their seat. One senior law enforcement official dismissed these repeated warnings by experts as unlikely.
“While we will not comment on specific allegations, there is no credible information to suggest an airplane’s flight control system can be accessed or manipulated from its in flight entertainment system,” one senior law enforcement official who was not permitted to speak on the record told the Free Beacon Monday. “Nevertheless, attempting to tamper with the flight control systems of aircraft is illegal and any such attempts will be taken seriously by law enforcement.
An FBI official said the agency does not comment on ongoing investigations.
As recently as December, cyber experts were issuing warnings about the vulnerability in commercial airline Wi-Fi networks. Government oversight authorities also have issued alerts about the threat hackers could pose aboard a plane. However, the FBI also downplayed these reports as hypothetical and unlikely.
Rachel Ehrenfeld, founder and CEO of the American Center for Democracy and the Economic Warfare Institute, noted in December that terrorists could exploit these vulnerabilities.
“A well trained martyr could hack into the plane’s computer system, take over all or part of the controls, commandeering its communication, or air system to shut down, etc.,” Ehrenfeld wrote ahead of the 2014 holiday season.
In a follow-up interview this week, Ehrenfeld said commercial airlines and U.S. law enforcement agencies are not doing enough to fix vulnerabilities in the in-flight Wi-Fi system, which, in most cases, shares the same network as the cockpit controls.
“Downplaying [the threat] is not very smart. American air carriers are understandably trying to save money. But it shouldn’t come on the expense of passengers safety,” she said. “Moreover, security should govern air travel. Removing the threat of hacking into the cockpit is a priority.”
Ehrenfeld said that due to the cost of overhauling a plane’s Wi-Fi network and separating it from the cockpit system, many airliners are hesitant to invest.
In the case of U.S. hacker Roberts, he initially contacted the FBI in 2015 to warn them about vulnerabilities he had discovered while using the in-flight Wi-Fi aboard several different airlines, according to the FBI affidavit, which was first reported on by Canada’s APTN.
Roberts claimed in an interview with FBI agents that “he had exploited vulnerabilities with [in-flight entertainment] systems on aircraft while in flight,” according to the affidavit.
Roberts said he “compromised” these networks at least 15 to 20 times from 2011 to 2015. By exploiting these vulnerabilities, Roberts says he was able to order the plane to climb in altitude.
Authorities detained Roberts in April 2015 after sending out tweets about his efforts to infiltrate a plane’s Wi-Fi network while aboard a flight. He threatened to potentially order the plane’s oxygen masks to drop from the ceiling, according to reports.
A subsequent investigation “showed signs of tampering” on the entertainment system at Roberts’ seat, according to the affidavit. An April 2015 report released by the Government Accountability Office called such a hack attack theoretically possible. It said that such methods could be used to commandeer a plane, inject a virus into flight computers, interrupt navigational systems, and generally threaten the safety of those aboard a flight.”