United Airlines stopped a security researcher from boarding a flight from Colorado to San Francisco on Saturday, three days after he was removed from a flight by federal agents in New York. The reason why? He knows too much.
The researcher, Chris Roberts, was questioned for four hours on Wednesday by the Federal Bureau of Investigation (FBI) after implying on Twitter during a United flight to Syracuse, N.Y., that he could hack into the airplane’s systems and make the oxygen masks deploy. Authorities reportedly seized his laptop, iPad, hard drives, and other computer gear.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)— 42…Hanging in the Lab :) (@Sidragon1) April 15, 2015
Roberts, founder of the security intelligence firm One World Labs, was stopped at the gate by security personnel while attempting to board another United flight Saturday in Colorado. According to his attorney, United didn’t provide a detailed explanation for why he wasn’t allowed on the plane, and he was told to expect a letter from the airline within two weeks. He later arrived in San Francisco after boarding a flight with another airline.
Bye bye electronics, all encrypted….and all now in custody/seized pic.twitter.com/a5o6rYTbZ0— 42…Hanging in the Lab :) (@Sidragon1) April 16, 2015
Lesson from this evening, don't mention planes….the Feds ARE listening, nice crew in Syracuse, left there naked of electronics— 42…Hanging in the Lab :) (@Sidragon1) April 16, 2015
United spokesman Rahsaan Johnson told the Associated Press that while they are “confident our flight control systems could not be accessed” in the ways described by Roberts, “it’s in the best interest of our customers that he not be allowed to fly United.”
Roberts is represented by attorneys the Electronic Frontier Foundation (EFF), a San Francisco-based digital rights organization.
“EFF has long been concerned that knee-jerk responses to legitimate researchers pointing out security flaws can create a chilling effect in the infosec community,” the group said in a statement, adding: “As a member of the security research community, [Robert’s] job is to identify vulnerabilities in networks so that they can be fixed.” [Emphasis theirs.]