A US cyber-security researcher said he repeatedly managed to hack aircraft computer systems of planes he was travelling on, in one case causing the vehicle to move sideways.
The experimental attacks, reportedly carried out through the planes’ in-flight entertainment systems, took place on aircraft operated by American airline United.
The claims, revealed by the perpetrator of the attacks, cyber expert Chris Roberts, are now being investigated by the FBI. United, the affected airliner, questioned the veracity of the claim, saying it was in doubt whether it was possible to hack a plane through the entertainment system.
If confirmed, the incident would raise concerns about flight safety in the era when aircraft are becoming increasingly connected.
Roberts, founder of cyber-security firm One World Labs, was, in fact, removed from one United Airlines flight after tweeting about his exploits. Roberts told FBI that since 2011, he has managed to tamper with flight systems aboard 15 to 20 planes causing oxygen masks to deploy or even overriding commands for engines.
"He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights," said an FBI affidavit.
Roberts spoke about his activities earlier this year on Fox News, saying that although hacking the avionics and taking control over the aircraft via the entertainment system was certainly difficult, it was possible. He further added the US Federal Aviation Administration didn’t seem ready to face the seriousness of the revelation.
A report by the US Government Accountability Office last month admitted some commercial aircraft may be vulnerable to hacking over their on-board wireless networks.
"Modern aircraft are increasingly connected to the internet. This interconnectedness can potentially provide unauthorised remote access to aircraft avionics systems," the report said.
The fact that passengers on flights with in-seat video monitors can shift between television and a map showing the plane's real-time location indicates a link between the flight control and passenger entertainment networks, said Steven Bellovin, a computer science professor at Columbia University.
Planes that offer Wi-Fi are probably using the same data link used by pilots to communicate with the airline, he said.
"Now the question is, what is the form of isolation between the passenger network and everything else?" Prof Bellovin said. "There is some kind of linkage but there are different ways to do this - really securely and not particularly securely, and I have no way of knowing which has actually been done here."
United Airlines spokesmen Rahsaan Johnson said the firm was confident the planes' systems could not have been accessed by techniques described by Roberts.
A Boeing spokesman said in-flight entertainment systems on airliners were isolated from flight and navigation systems.
Pilots have more than one navigation system and "no changes to the flight plans loaded into the airplane systems can take place without pilot review and approval", he said.