Researcher tells FBI he was able to hack plane via the in-house entertainment system
A security researcher has told the FBI he was able to hack into aircraft computer systems on numerous occasions through the in-flight entertainment network - and once caused a plane he was on to move sideways.
Although the claims are still being investigated, the airline involved, United, cast doubt on whether it was possible to control a plane through the entertainment system.
But other experts said such cyber-threats should be taken seriously because aircraft are increasingly connected to the internet.
Chris Roberts, the founder of One World Labs, which tries to discover security risks before they are exploited, was questioned after arriving at Syracuse Hancock International Airport in New York on April 15.
He had suggested on Twitter while on a United Airlines flight from Chicago that he could get the oxygen masks to deploy or interfere with the cockpit's alert systems, according to an FBI agent's court filing seeking a search warrant for Mr Roberts' laptop and other electronics.
Mr Roberts met the FBI in February and March to discuss vulnerabilities with in-flight entertainment systems aboard certain aircraft, the affidavit said. During the meetings, he claimed to have compromised the systems 15 to 20 times between 2011 and 2014, using a cable to connect his laptop to an electronics box located beneath passenger seats.
"He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," the affidavit said.
Mr Roberts declined to comment when reached at his office in Denver, Colorado, but in a statement issued through his lawyer, he said his "only interest has been to improve aircraft safety".
"Given the current situation, I've been advised against saying more," the statement provided by Nate Cardozo, a staff lawyer with San Francisco-based Electronic Frontier Foundation, said.
A report by the US Government Accountability Office last month said some commercial aircraft may be vulnerable to hacking over their on-board wireless networks.
"Modern aircraft are increasingly connected to the internet. This interconnectedness can potentially provide unauthorised remote access to aircraft avionics systems," the report said.
The fact that passengers on flights with in-seat video monitors can shift between television and a map showing the plane's real-time location indicates a link between the flight control and passenger entertainment networks, said Steven Bellovin, a computer science professor at Columbia University.
Planes that offer wi-fi are probably using the same data link used by pilots to communicate with the airline, he said.
"Now the question is, what is the form of isolation between the passenger network and everything else?" Prof Bellovin said. "There is some kind of linkage but there are different ways to do this - really securely and not particularly securely, and I have no way of knowing which has actually been done here."
After stopping Mr Roberts from continuing on from Syracuse to California following his FBI interview last month, United cited his "claims regarding manipulating aircraft systems".
"However, we are confident our flight control systems could not be accessed through techniques he described," spokesman Rahsaan Johnson said.
A Boeing spokesman said in-flight entertainment systems on airliners were isolated from flight and navigation systems.
Pilots have more than one navigation system and "no changes to the flight plans loaded into the airplane systems can take place without pilot review and approval", he said.