PPRuNe Forums - View Single Post - In-Flight Airplane hacked - from the ground
Old 12th Jun 2018, 18:06
#28
Airbubba
 
Excerpts from a recent article about airplane hacking in Business and Commercial Aviation:

...So now we introduce Chris Roberts, bad boy hacker, security researcher and one of the founders of One World Labs (now OWL Cybersecurity) in Denver. Brilliant and idiosyncratic, Roberts had been warning of cyber vulnerabilities on commercial aircraft for years, but few in the industry took him seriously. To make his point, in April 2015 aboard a United Airlines Boeing 737-800 en route from Chicago to Syracuse, New York, Roberts logged onto Twitter and sent a tweet from the cabin speculating whether he should hack into the IFE (inflight entertainment system) through the SEB (seat electronic box, one of which is generally mounted under the seats in each row on either side of the aisle of narrow-body jetliners) and then into the cockpit systems.

“Shall we start playing with EICAS messages?” he tweeted. “‘PASS OXYGEN ON’ Anyone? :)” The smiley face was a nice touch, but the two FBI agents waiting for Roberts in the boarding lounge when the flight landed at Syracuse were not amused. (United cybersecurity personnel had seen the tweet and alerted the Bureau.) They took him into custody and confiscated his two laptop computers and several flash drives, which he admitted contained malware.

Under interrogation, Roberts said that despite his joking tweet, on the Chicago-Syracuse flight and a previous segment from Denver to Chicago, he had not hacked into either aircraft’s IFE. Nevertheless, in an inspection of the SEB under the row where Roberts had been sitting on the Denver-Chicago segment, one of the FBI agents wrote in his affidavit request that the cover of the box appeared to have been tampered with. Roberts denied this, as well, claiming that the unit could have been damaged by previous passengers shoving carry-on baggage under the seats.


Come Fly (and Hack) With Me

This was not the first time that Roberts had been in the sights of the G-men. Earlier in 2015, other agents had visited him twice at One World Labs to discuss his research on aircraft hacking, which he and a colleague had been pursuing for years, even conducting simulated penetrations of avionics systems under laboratory conditions. In one of those meetings, Roberts admitted that he had hacked into aircraft systems on actual flights on multiple occasions, as well, just “to look around” but had not manipulated anything.

Then, amazingly, he went further, claiming that on one flight he had reached under the seat in front of him, jimmied the cover of an SEB, jacked in a modified Ethernet cable, and using his laptop, hacked into the IFE. From there, he again claimed, he had made his way to the higher-level aircraft control systems, where he had overwritten the code of the plane’s “thrust management computer.” That done, Roberts alleged, he had proceeded to increase the thrust of one of the plane’s engines, causing the aircraft to climb and “fly sideways,” presumably a yawing motion from asymmetric thrust. But the claimed IFE hacks and the alleged engine computer takeover remain unsubstantiated, which questions Roberts’ veracity.

Boeing and other airframe manufacturers are highly doubtful that Roberts could have pulled off these stunts, pointing out that IFEs are isolated from flight-critical control systems. (More on that later.) Consider, too, the constricting seat pitch on contemporary narrowbody jetliners, even in first class, and how difficult it would be to lean forward, find by hand the IFE box under the forward seat row, remove the screws securing the box lid, locate the proper port, etc. without being noticed by other passengers or a flight attendant.

Regardless, a demonstrated provocateur, his claims swing between irresponsibility and a cry for attention, both modes characteristic of that breed of hackers who are compelled to commit cyber mischief — sometimes dangerously — just to test their abilities and garner notoriety. On the other hand, Roberts and his research colleagues have pointed out the potential vulnerability of aviation cyber systems — not just on aircraft but the ground-based infrastructure, as well.

Meanwhile, the FBI is apparently building a case against Roberts based on his stated ability that he could hack into critical systems on board sophisticated aircraft and had developed the software to do it — plus the wiring diagrams of several contemporary airliners found on one of his laptops. One thing is for sure: When news of his salacious inflight tweet reached board members of One World Labs who had investments in the company, they withdrew their financial support causing its collapse, and Roberts subsequently abandoned the enterprise he helped found. In December 2015, former executives of the firm formed a holding company and purchased One World’s assets, subsequently repackaging the venture as a “dark net threat intelligence platform” under the name Owl Cybersecurity.

‘Crazy Different’ and Speaking ‘Off Script’ (Maybe)

Perhaps Robert Hickey also wanted to alert the aviation and security industries that commercial aircraft were vulnerable to hacking when he revealed in a keynote address during the CyberSat Summit in November 2017 at Tysons Corner, Virginia, that a team of experts had remotely hacked into a Boeing 757 sitting on the ground at Atlantic City. Moreover, the attempt had occurred under the auspices of none other than the Department of Homeland Security (DHS).

At the time, Hickey, a retired airline pilot who holds a doctorate in information technology, was aviation program manager in the Cyber Security Division of the DHS Science and Technology Directorate. He had been “detailed” there from the Office of the Director of National Intelligence.

The exercise was carried out in September 2016, Hickey said, as a “remote, non-cooperative, penetration” (i.e., not under laboratory conditions) with no one physically touching the aircraft. His team “stood off” from the legacy Boeing that the DHS had acquired, he claimed, and “using typical stuff that could get through security” was able to establish “a presence on the systems of the aircraft.”

While the details of the hacking test and the research that the S&T Directorate is conducting are classified, Hickey did say that the penetration was accomplished using “radio frequency communications,” adding that based on the RF configuration of most aircraft, “you can come to grips pretty quickly where we went” (again, presumably, into the cabin services equipment) [I thought it was probably a bogus clearance or flight plan uploaded through a non-secure protocol like ACARS or CPDLC - Airbubba].

Up to this point, the S&T Directorate’s research had primarily been focused on ground-based transportation infrastructure, e.g., air traffic control, but Hickey maintains that there’s another type of critical infrastructure, “and that’s critical infrastructure that’s in motion,” of which aviation represents one-third, the other two-thirds being surface (highway, railroad) and marine. But aviation exists in an environment of its own — far removed from the terrestrial one. Hence the need for the focused research apparently under way at the DHS.

While Hickey’s revelation made the rounds among the intelligence and security community (i.e., it was all over the web), nothing has been heard about the Boeing 757 test since his address at CyberSat. Furthermore, Hickey is no longer working in the S&T Directorate. One aviation industry observer BCA consulted speculated that “Hickey was off-script” when he spoke at the conference. BCA located Hickey at a Washington, D.C., consultancy and attempted to connect with him but had been unsuccessful at press time.

After contacting the DHS, however, we did receive the following statement from spokesman John Verrico in the S&T Directorate: “The Department of Homeland Security established and led a multi-agency team to assess the feasibility of a cyber-intrusion of a commercial aircraft. The Aircraft Cyber Initiative (ACI) project’s objective is to determine whether a cyberattack of commercial aircraft systems is possible and to offer mitigation recommendations for identified cyber vulnerabilities. Our focus was on older legacy aircraft where cybersecurity protections may not have been incorporated in their design.”
Aircraft Avionics Hacking: Is It Possible? Connected Aerospace content from Aviation Week
