FBI alert: Get these motherf'king hackers off this motherf'king plane

One guy made a joke? OK, this just got real – keep your eyes peeled, everyone


The FBI is warning airlines to keep an eye out for miscreants hacking airplane computer networks mid-flight.

The alert – privately circulated today by the FBI's InfraGard program – claims hackers may or may not be able to take over a plane's navigational system via the in-flight entertainment (IFE) system or public Wi-Fi network. The bulletin urges staff and flight crews to:

  • Report any suspicious activity involving travelers connecting unknown cables or wires to the IFE system or unusual parts of the airplane seat.
  • Report any evidence of suspicious behavior following a flight, such as IFE systems that show evidence of tampering or the forced removal of covers to network connection ports.
  • Report any evidence of suspicious behavior concerning aviation wireless signals, including social media messages with threatening references to Onboard Network Systems, ADS-B, ACARS, and Air Traffic Control networks.
  • Review network logs from aircraft to ensure any suspicious activity, such as network scanning or intrusion attempts, is captured for further analysis.

The alert, a copy of which was obtained by WiReD, notes that there have been no actual cases of hackers hijacking aircraft via in-flight movies. However, airlines should nonetheless be wary of anyone attempting to connect to a plane's local network via a cabled connection, apparently.

"Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods," the Feds' memo reads.

The warning appears to have been sparked by a jokey tweet by security researcher Chris Roberts of One World Labs, who mulled messing around with the systems of his United flight as it flew from Chicago to Syracuse, New York.

Roberts says he did not perform any of the described actions, but was met upon the arrival in New York by FBI agents, who quizzed him for four hours. Roberts was then banned by United Airlines from its flights.

Just before this kicked off, the US Government Accountability Office acknowledged in a report that hackers could maybe, possibly, tamper with in-flight systems via the on-board Wi-Fi. "According to the FAA and experts we interviewed, modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems," the report warned.

In 2013, a security researcher claimed that some commercial aircraft could be compromised with little more than a mobile phone, a claim the FAA disputed. ®


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022