Cyber-security consultant claims he hacked into United Airlines in-flight computer system

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

DENVER, CO – Time now for a little irony.

It’s the story about cyber-security consultant Chris Roberts who claims to have hacked into the inflight entertainment system of passenger jets up to 20 times over several years, even taking control of one plane and making it fly sideways.

Now he’s under investigation, but not charged, by the FBI for cyber-security violations.

Roberts is with Denver’s One World Labs.

He came to the attention of the feds and United Airlines on April 15 when he tweeted about hacking into the entertainment and satellite communication systems of his flight.

“Inflight entertainment has two avenues from there,” Roberts told Paul’s Security Weekly. “It goes to the cabin control systems. And it also goes out to the satellite systems. So you’ve got two attack avenues from there.”

Roberts’s tweet landed him in big-time trouble with the feds who took him off a plane in Syracuse, New York.

A request for an FBI search warrant says Roberts told investigators he hacked the entertainment systems of various planes as many as 20 times between 2011 and 2014 using his laptop to connect the entertainment controls under his seats.

Roberts apparently told the FBI that once he gets into one of those Inflight Entertainment Systems, he can get into the airplane’s navigation controls, which he said he used one time to make a plane climb, and even fly sideways.

Roberts later tweeted: “over last 5 years my only interest has been to improve aircraft security,” adding that “given the current situation I've been advised against saying much.”

Adding to the growing list of ironies to this story, United Airlines, the carrier that turned him in to the FBI, offers rewards, or bounties, to registered hackers who report bugs in the airline’s computer system.

Those bounties include one-million award miles for finding remote code execution bugs that let hackers get into a computing device to make unauthorized changes.

Seems like the friendly skies may be a little too friendly, especially for flight hackers.