[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Feds Say That Banned Researcher Commandeered a Plane
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2015-05-18 14:17:49
Message-ID: alpine.DEB.2.02.1505181417390.28896 () infosecnews ! org
[Download RAW message or body]

http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/

By Kim Zetter
Wired.com
05.15.15

A SECURITY RESEARCHER kicked off a United Airlines flight last month after 
tweeting about security vulnerabilities in its system had previously taken 
control of an airplane and caused it to briefly fly sideways, according to 
an application for a search warrant filed by an FBI agent.

Chris Roberts, a security researcher with One World Labs, told the FBI 
agent during an interview in February that he had hacked the in-flight 
entertainment system, or IFE, on an airplane and overwrote code on the 
plane's Thrust Management Computer while aboard the flight. He was able to 
issue a climb command and make the plane briefly change course, the 
document states.

"He stated that he thereby caused one of the airplane engines to climb 
resulting in a lateral or sideways movement of the plane during one of 
these flights," FBI Special Agent Mark Hurley wrote in his warrant 
application (.pdf). "He also stated that he used Vortex software after 
comprising/exploiting or ‘hacking' the airplane's networks. He used the 
software to monitor traffic from the cockpit system."

Hurley filed the search warrant application last month after Roberts was 
removed from a United Airlines flight from Chicago to Syracuse, New York, 
because he published a facetious tweet suggesting he might hack into the 
plane's network. Upon landing in Syracuse, two FBI agents and two local 
police officers escorted him from the plane and interrogated him for 
several hours. They also seized two laptop computers and several hard 
drives and USB sticks. Although the agents did not have a warrant when 
they seized the devices, they told Roberts a warrant was pending.

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

[prev in list] [next in list] [prev in thread] [next in thread]