Chris Roberts is a prominent security researcher and a white hat hacker – one of the good guys – who earns a living by pointing out vulnerabilities in security systems, including those on commercial aircraft. Shortly before boarding a flight from Denver to Syracuse, he jokingly tweeted about hacking into the airline’s engine-indicating and crew-alerting system and forcing the plane to deploy the passengers’ oxygen masks. The FBI noticed and – despite that smiley face he tacked on the end of the tweet – they failed to see the humor. Roberts was removed from the flight, detained for four hours and his laptops, hard drives and other electronics were confiscated.
On Saturday, he attempted to board another United flight from Denver to San Francisco when he was stopped by the airline’s own security officers at the gate and told that he could not board the flight. He was not given a specific reason, though airline officials said that he would receive an explanatory letter within two weeks. A United spokesperson told the Associated Press:
Given Mr Roberts’ claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United. However, we are confident our flight control systems could not be accessed through techniques he described.
Through his cybersecurity firm, One World, Roberts has been vocal in pointing out the flaws in the airlines’ computer systems. In recent interviews, he has claimed that while sitting on his flight, he connected his personal laptop to the CAN (Controller Area Network) data bus and could then receive information from the avionics control systems. “I could see the fuel rebalancing, thrust control system, flight management system, the state of controllers,” Roberts told CNN Money.
Roberts says that he has repeatedly informed both Boeing and Airbus about these weaknesses within their computer systems, but they’ve shrugged him off. After his own back-to-back issues with United, Roberts sought legal representation from the Electronic Frontier Foundation. Attorney Nate Cardozo said:
It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat.
Roberts made a last-minute Southwest flight from Denver to San Francisco. He will be speaking about the security vulnerabilities within computer systems at this week’s RSA Conference.