Cyber Incident Victim: United Airlines
Date:
Apr 2015
Location:
United States of America
Summary
FBI investigators looked into allegations made by computer security expert Chris Roberts that he accessed the in‑flight entertainment systems on multiple flights and, on one occasion, triggered an engine climb that caused the aircraft to move laterally. Roberts said he gained entry through the seat‑mounted electronics box while a passenger on a United Airlines flight from Denver to Syracuse, after which agents met him at the airport, seized electronic devices and found signs of tampering in the seat box. Law enforcement officials stated there is no credible evidence that a hacker could manipulate flight controls via the entertainment system, and United Airlines characterized Roberts’ claims as unfounded, noting his stated motive was to improve aircraft security.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Chris Roberts, a Denver‑based computer security expert, told FBI investigators that he had accessed the in‑flight entertainment systems of commercial aircraft on 15 to 20 occasions while traveling as a passenger, describing how he entered the system through the electronic boxes located under passenger seats. In his statements to investigators Roberts claimed that on one occasion he manipulated the entertainment system in a way that caused one of the airplane’s engines to climb, which resulted in a lateral or sideways movement of the aircraft. The FBI affidavit detailing these assertions was released publicly, and Roberts later declined to speak with ABC News but discussed his activities with Fox News, emphasizing that gaining access to the systems required considerable effort, research, and multiple flights. Law enforcement sources informed ABC News that they found no evidence supporting the possibility that a hacker could seize control of an airliner’s flight‑control systems through the entertainment interface, and a senior law‑enforcement official stated that there is no credible information indicating that flight‑control systems can be accessed or manipulated from in‑flight entertainment, while noting that any attempt to tamper with such systems remains illegal and will be pursued seriously. Aviation consultant Steve Ganyard, a former Marine Corps pilot, told ABC News that while inserting false data or spoofing information to mislead the crew is conceivable, there is currently no indication that anyone can take over an airplane and fly it into a terrain obstacle.
The specific incident that triggered federal attention occurred when Roberts was a passenger on a United Airlines flight departing from Denver; during the flight he posted a tweet about the aircraft’s system that alarmed the FBI. After the plane landed in Syracuse, New York, FBI agents met Roberts at the airport, seized more than a dozen electronic items from his possession, and later examined the seat‑electronic box corresponding to his seat location, finding signs of tampering in that area. Roberts subsequently told Fox News that hacking into a plane’s Wi‑Fi is difficult and demands extensive work and numerous flights, and he reiterated on Twitter that his focus over the previous five years had been to improve aircraft security. United Airlines responded by expressing confidence that Roberts’ claims were unfounded, and federal sources told ABC News that they consider it extremely unlikely that someone could hack an aircraft’s control system while it is airborne. No further details about additional flights, other affected systems, or subsequent legal proceedings were provided in the source material.