Plane hacker Chris Roberts denies taking control of Boeing 737

Hacker backtracks on FBI plane-control claims

A security researcher who claimed in an affidavit to have hacked and commandeered a passenger airline has denied the story.

The researcher, Chris Roberts, had indicated that he was able to hack into the Boeing 737/800 on which he was travelling and take over the controls via the on-board entertainment system. The story was widely reported over the weekend.

It followed a tweet last month: "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)".

Roberts was subsequently questioned by the US Federal Bureau of Investigation (FBI). During questioning, he reportedly claimed that he had compromised the in-flight entertainment systems "approximately 15 to 20 times" between 2011 and 2014, but has since denied the story, which was nevertheless widely reported over the weekend.

In a just-published affidavit, Roberts claimed that he had "connected to other systems on the airplane network after he exploited/gained access to, or 'hacked' the IFE system.

"He stated he then overwrote code on the airplane's Thrust Management Computer, while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the 'CLB' or climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights."

Roberts was able to connect his laptop to the seat electronic box (SEB) after removing the cover to the device - fitted underneath passengers' seats - and connecting it via a Cat6 ethernet cable, using a modified connector. Once connected to the entertainment system, he claims that he was able to gain access to other networks running on the plane.

But Roberts has said that the paragraph in the affidavit in which it is claimed he was able to cause the plane to climb is inaccurate. In an interview in Wired magazine, he described that as "one paragraph out of a lot of discussions".

He added: "There is context that is obviously missing, which obviously I can't say anything about... the federal guys took one paragraph out of a lot of discussions, and a lot of meetings and notes, and just chose that one as opposed to plenty of others," he said.

He did, though, admit to hacking into the in-flight entertainment system, but says that all he did was to explore the network and observe traffic over the in-flight system.

According to Boeing, the networks over which the plane's critical systems operate is completely separate from the network over which its entertainment systems operate.

Wired, meanwhile, claims that the original tweet that had landed Roberts in trouble was intended as a sarcastic joke: "A reference to how he had tried for years to get Boeing and Airbus to heed warnings about security issues with their passenger communications systems.

"His tweet about the Engine Indicator Crew Alert System, or EICAS, was a reference to research he'd done years ago on vulnerabilities in in-flight infotainment networks, vulnerabilities that could allow an attacker to access cabin controls and deploy a plane's oxygen masks."