Experts: Plane hack through infotainment box seems unlikely

Elizabeth Weise | USA TODAY

SAN FRANCISCO — Computer and aviation experts say it seems unlikely a Denver-based cyber-security researcher was able to compromise a jet's controls via its in-flight entertainment system, making it bank briefly to one side.

The claims of One World Labs founder Chris Roberts have been the subject of much speculation after it was reported Friday that he told FBI agents he'd been able to hack into a flight he was on and cause it to turn sideways by manipulating the engine controls from his computer.

Those systems are separate, said Jeffrey Price, an aviation security expert and aviation professor at Metropolitan State University in Denver.

"From what all the aircraft manufacturers have been telling us, the in-flight entertainment system is a different system from the software that controls the avionics, flight controls and navigation systems of the plane," he said.

"This sounds scary but it is absolutely not possible," said Jon Miller, a computer security researcher with Cylance, in Irvine, Calif.

The only thing that a hacker could do would be to prevent someone from watching movies, said Miller, who has tested the vulnerability of in-flight entertainment systems.

Federal law enforcement officials say they are assessing Roberts' claims but so far have no credible information to suggest an airplane's flight control system can be accessed or manipulated from its in-flight entertainment system.

Security experts say they can't imagine the airlines and FAA aren't aware if Roberts was in fact able to illegally access planes control systems "15 to 20 times," as he told FBI agents when he spoke with them earlier this year.

"Pilots know what's happening with their planes from the smallest maintenance issue up to anything serious," said Rob Sadowski, director of marketing for RSA, the world's largest computer security conference.

"We all know that from sitting on planes when they tell us, 'We can't get the door light to go on, so we're not taking off,'" he said.

Roberts is well known and respected in the security industry and speaks at multiple conferences on various security topics, including aircraft security, said Sadowski. Roberts spoke at the most recent RSA conference in April.

However, he doesn't think it's likely Roberts was actually able to get from the plane's in-flight entertainment network to its flight control systems.

"As someone in the industry who looks at the design of systems like this, I would find it very hard to believe that these systems were not isolated," he said.

Some security experts worry that that may not always be true.

Price noted that a report issued by the Government Accountability Office in January described possible problems as the Federal Aviation Administration moves from the current radar-based air traffic control system to one that is based on satellite navigation and automation.

"While it's doubtful whether this guy could have accessed anything really important by hacking the in-flight entertainment system, it's likely that he will be able to do so in the near future," Price said.

Most of the computer experts contacted also noted they spend a lot of time flying, and hope no one would put an airplane at risk simply to show they could.

"I want to believe that if I saw anyone onboard any plane that I was traveling on try and plug anything into the plane that didn't look like it was supposed to be there, I would be the first person not just alerting the crew but likely jumping up and tackling the person," said Brian Ford, with security firm Lancope.