US computer expert ‘grounded’ after playful plane security tweets
When a computer security expert from Denver tweeted some amusing remarks about hacking the onboard systems of his United Airlines flight, he didn’t know FBI agents would be waiting at his destination. Later, he was refused boarding to another flight.
Watch out what you tweet – or face the consequences! Chris Roberts, of One World Labs in Denver, has learnt that sharing knowledge in Twitter about how transport security systems operate is a bad idea.
On Wednesday, when Roberts flew from Denver to Syracuse, N.Y., after boarding, he posted a tweet about what he would do if he managed to hack the aircraft’s computers.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
— Chris Roberts (@Sidragon1) April 15, 2015
EICAS stands for “engine-indicating and crew-alerting system”, so Roberts actually pondered playing with the aircraft's onboard communication system.
It was enough to get him acquainted with FBI agents, who were waiting for him in Syracuse. They questioned him for four hours.
Roberts was released after interrogation, but practically all his personal electronic equipment, including a MacBook Pro, an iPad, several hard drives and USB memory sticks, were confiscated. Roberts proved this by posting an FBI “receipt for Property Received.” The only electronic item Roberts was allowed to keep was his iPhone, Forbes.com reported.
A member of the security research community himself, Roberts expressed surprise with the pace of developments, though he should have known better that everything posted online is constantly monitored by numerous US security agencies.
Lesson from this evening, don't mention planes....the Feds ARE listening, nice crew in Syracuse, left there naked of electronics
— Chris Roberts (@Sidragon1) April 16, 2015
After returning to Denver for a couple of days, Roberts headed
for San Francisco on Saturday to take part in the RSA Conference
2015 cyber security summit.
In the airport, reportedly already after passing the gate, he was told by United Airlines staff he wouldn’t be allowed on board.
Since Roberts had made public statements about airfare equipment and aircraft systems manipulation, "That's something we just can't have," said United Airlines spokesman Rahsaan Johnson, explaining this is not only a "violation of United's policies" but "it's not something we want our inflight crews and customers to deal with," Johnson said.
Johnson also said Roberts was notified about the company’s decision not to provide him with their service several hours before the incident.
“We reached out to him several hours before departure and had a conversation with him,” Johnson said.
But Mr Roberts nevertheless opted to take a chance and attempted to fly.
“Roberts was told to expect a letter explaining the reasons for not being allowed to travel on United," Roberts’ lawyers, from the Electronic Frontier Foundation (EFF) cyber rights group in San Francisco, said on Saturday.
Chris Roberts, who among other things researches vulnerabilities of transportation systems, managed to get to San Francisco the same day using another airline’s flight.
Special speaker, Chris Roberts of @OneWorldLabs presenting at our @iSecure_LLC Cyber Security Summit today! #InfoSecpic.twitter.com/73Wb11hfJG
— Donna Anna Smith (@DonnaAnnaSmith) April 16, 2015
United's refusal to allow Roberts aboard its flight "is both disappointing and confusing. As a member of the security research community, his job is to identify vulnerabilities in networks so they can be fixed," EFF's Andrew Crocker commented on the Electronic Frontier Foundation's website on Saturday.