After tweeting about successfully hacking airline systems, security researcher Chris Roberts was kicked off of a United flight from Chicago to Syracuse and detained by the FBI. According to WIRED, Roberts told the FBI that “he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course.”
Roberts’ claims seem to contradict themselves: at times, he told the FBI he had only gained access to aircraft systems during simulated tests; other times saying that he gained access, but only monitored cockpit traffic, while finally, he noted he had on occasion manipulated systems that changed the aircraft’s flight path. Meanwhile, some members of law enforcement do not believe that an aircraft can be hacked in the way that Roberts claims and Boeing has said that their plane’s systems make his claims impossible.
However, other experts believe that the threat is real. Peter Armstrong, executive director and head of cyber for Willis’ FINEX Global, argues that the aviation industry faces a genuine risk of cyber attack, “cyber vulnerabilities are a real and pervasive issue for all airline operators. Threats come from nation state actors, terrorists, hacktivists (including purported safety hackers like Roberts), and organised criminals. These threat actors are interested in different data, information and access…Aviation as a sector is in the sights of the threat actors and all operators need to accelerate and amplify their response.”