In case you didn’t see this last month, it’s worth noting in light of current news stories about Chris Roberts’ research and claims.
Public Intelligence writes:
The following private industry notification was published online by RenderMan of RenderLab in late April. The notification concerns claims made by security researcher Chris Roberts about vulnerabilities in “commercial aircraft’s onboard avionics and wireless networks in the aircraft’s cabins or through the aircraft’s In Flight Entertainment (IFE) network.” Through the exploitation of these vulnerabilities, “cyber actors could intrude into the onboard network systems and disrupt or disable the controls of an aircraft.”
FBI/DHS Private Industry Notification
20 April 2015
Alert Number 150420-001
So the alert was published 5 days after Roberts’s devices were seized and three days after the FBI applied for a search warrant of his devices (but presumably before any search). By April 20, they had interviewed Chris on two or more occasions in February and March and he had allegedly shared information with them, trying to help them understand the vulnerability and risk he saw. Yet they write in the industry notification:
At this time, the FBI and TSA have no information to support these claims but continue to leverage public and private sector partnerships to evaluate potential threats posed by intrusions into a commercial aircraft’s secure networks.
“No information to support these claims?” Seriously?