Can a passenger really hack into Boeing 737 flight controls?

LaptopIn May 2015, an Internet security professional was questioned by agents from the Federal Bureau of Investigations (FBI) after he was allegedly able to hack into the flight control system of a commercial aircraft. Chris Roberts, a citizen of the United States, works for One World Labs, a tech company that specializes in detecting security flaws in computer network systems. Mr. Roberts made claims about his ability to hack his way into an in-flight control system that allowed him to make a Boeing 737 climb and somehow move horizontally.

The claims made by Mr. Roberts came to light on a search warrant application issued by the FBI. At one point, Mr. Roberts was banned from boarding commercial aircraft after he posted Twitter updates that indicated his purported ability to hack into flight control systems.

While being interviewed by the FBI, Mr. Roberts claimed that he was able to access the engine control system of a Boeing 737 operated by United Airlines in mid-flight. Mr. Roberts stated that he connected a laptop using network cable connectors to plug into a network module that gave him direct access to the in-flight entertainment (IFE) system. In many commercial aircraft these days, the IFE can be operated by means of a touch screen located behind each seat; in some cases, the control module of the IFE is a box located under the seats. Mr. Roberts claims to have physically connected a portable computer to one of these boxes.

It is interesting to note that a popular feature in many modern IFE systems is that they receive data and communications used by the flight crew in the cockpit; that is how route maps, speed, temperature and other information is displayed. Mr. Roberts claimed to have found that the flight control system was connected to the IFE, and thus he contended that he was able to alter the flight plan.

Boeing officials have already made public statements that indicate the IFE and flight control systems of commercial aircraft are isolated. Moreover, Mr. Roberts has also mentioned that he has connected a laptop to the IFE control module on at least a dozen occasions since 2011, which is something that aircraft industry analysts believe is highly improbable. In the wake of the 9/11 terrorist attacks, Mr. Roberts’ fellow passengers would have certainly alerted the flight crew had they seen him trying to access the IFE box under the seat for the purpose of connecting his laptop computer.

Mr. Roberts was banned from commercial flights due to his comments on Twitter. It’s probably a good idea to ban anyone that might be mentally unstable from flying. Mr. Roberts was able to get legal assistance from the Electronic Frontier Foundation and attorneys from that organization have counseled him during periods of interrogation by FBI agents. Looks like he might need a different kind of counseling as well.