Sky high hacking claims
News emerged recently that the FBI had detained a security expert following claims that he had hacked the onboard systems of a United Airlines flight that he was travelling on.
Although attracting a lot of news coverage, the facts in the case are unclear, not least because the self-styled security expert, Chris Roberts, is now saying only that the FBI took information out of context and that he has been advised not to comment further. Roberts was detained and investigated in New York after tweeting that he was on a United Airlines flight and boasting that he was in a position to deploy the oxygen masks. Court documents reveal that in the investigations, Roberts told the FBI he had hacked into plane systems up to 20 times between 2011 and 2014. It is claimed he did this by removing the cover of the in-flight entertainment box under built into the seat which allowed him use a modified network cable to connect his laptop to the plane and hack through to the aircraft's flight management systems. Roberts told CNN that he has done this a dozen times, and was able to view data about the aircraft fuel and engines, but insists he never took control of flight systems.
Hacking into and taking over an aircraft from a passenger seat makes sensational headlines but could these claims be true? Numerous aircraft engineers in both sides of the Atlantic have rubbished the idea saying that there is simply no connection between the flight deck computers and the cabin entertainment systems and the idea that a hacker can hack a way through is pure Hollywood, (and apparently has already been featured in an episode of CSI:Cyber). It has also emerged that Roberts told a hacker's conference in 2012 that he had messed around with the temperature controls on the space station sometime around 2004, and "got yelled at by NASA". He added "If they are going to leave it open, unencrypted, that's their own damn silly fault". NASA has refuted the claim that Roberts, or anyone else, has ever hacked into the space station.
Regardless of the facts of this case, Roberts justifies his actions by claiming he is a white-hat hacker, one who exposes flaws in computer security for the greater good. But can you really justify an attempted hack into someone else's computer system, without permission, without knowing what damage you might inflict, with the excuse that "I'm one of the good guys, and if I'd found an unlocked backdoor into your system I'd simply have told you about it,... honest". If you discovered a passing stranger forcefully testing all the doors, windows and locks of your house, would you be inclined to accept that he was just checking your domestic security for your own good, as a free service for which you and society should be grateful?
And no matter how well intentioned he thinks he is, would you really want to share a flight with someone who is dismantling the arm rest and trying to plug his laptop into the aircraft wiring systems, to see if the plane is secure?
27th May 2015
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.