Security researcher Chris Roberts has posted some inflammatory things about Boeing airplanes earlier this year, going as far as claiming to have once used the in-flight entertainment system, with a special cable, to send commands to one of the engines and affect the plane’s flight.
When I first heard Roberts’ assertions, my initial reaction was to ask why any security professional would continue to board a plane. Then last week Patrick Gray had the brilliant idea to talk to an Airbus pilot. After listening to the interview, I felt better.
The anonymous Airbus pilot confirmed many people’s suspicions that if Roberts had indeed interfered with the normal operation of the plane, the pilots would have detected it.
More importantly, the pilots would have been able to regain control of the plane. The pilot confirmed that, if worse comes to worse, you can shut off enough computers to turn a commercial airliner into a big Cessna if necessary. He said you hope it doesn’t happen because airline pilots aren’t very good at flying Cessnas, but I suspect that may have been more Australian humor than lack of respect.
As for Roberts, the Defensive Security Podcast assembled a pattern of behavior back in May that suggests, at the very least, that Roberts tends to exaggerate things. (Cue up to about 23:40 in to hear what they have to say, including clips of Roberts speaking at security conferences.)
So I don’t think anyone but Roberts actually knows what Roberts has and hasn’t done, and he’s not talking about it anymore.
More importantly, Gray has a real-life airline pilot saying he knows what he would do if someone actually did try to do what Roberts claimed to have done, and he doesn’t have to understand what’s happening while it’s happening to intervene and regain control of the plane. It might be uncomfortable, and the plane may end up landing somewhere other than its intended destination, but it makes it highly unlikely that a hotshot hacker actually can put the lives of the other passengers at risk. And that’s a good thing.