Chris Roberts, a cybersecurity expert and founder of a security intelligence company that identifies security breaches before hackers can exploit them, was detained for four hours and deprived of his IT equipment after a tweet on United Airlines Boeing 737/800’s security while being on board. The tweet, which was supposed to be a funny, harmless joke, did not amuse the guys from the Federal Bureau of Investigation, nor the United Airlines staff.
Yet, Roberts is well-known for his lack of diplomacy on spiky issues such as “cyber-insecurity” of airplanes. About a couple of weeks ago he told a news channel:
“We can still take planes out of the sky thanks to the flaws in the in-flight entertainment systems.”
He also said that those flaws could allow a malevolent person turn a plane’s engines off at an altitude of about 35,000 feet and not trigger the flashing lights in the cockpit.
Moreover, the day before the security expert posted his tweet while flying an United Airlines jet, the US General Accounting Office released a report which stated that it was highly probable for a plane to be brought down by on-board hackers.
A representative of the House Transportation and Infrastructure Committee who requested the federal investigation said that a hacker with a laptop could take over the airplane through the device’s Wi-Fi connection without anyone even noticing.
So, Roberts was not very inspired to launch an airline security joke amid so much tension which had been building up for weeks. But he tried to bring a valid excuse by telling reporters that he made that joke because he was frustrated that nothing ever got fixed.
Yet, his problems are far from over. This week he tried to use United Airlines to reach San Francisco where he was expected to attend a RSA security conference. But the company declined him admission.
Later that day, a spokesperson for the United Airlines explained that Roberts remarks that aircraft systems could be manipulated by hackers were false and harmed the company’s reliability among its customers and staff. The spokesperson also said that it was in the best interest of the airline’s crew members and customers not to allow Roberts to fly United Airlines.
However, Roberts made it to the conference, where he will deliver a speech on transport security issues Thursday, by using SouthWest Airlines.
On the other hand, other cybersecurity firms and organizations defended Roberts. An attorney for the Electronic Frontier Foundation wrote in an e-mail that Roberts’ job of finding network vulnerabilities which later could get fixed should not be hindered. The lawyer also argued that companies should view people like Roberts as allies that could help them fix stuff, rather than enemies.
Nevertheless, Roberts’ joke was far from being appropriate. Although no one could suspect him of terrorist intents, his tweet from a plane suggesting that it could be hacked by on-board hackers was just as bad as shouting “fire” in a crowded film theater.
All the more, this joke comes roughly a month later after a German pilot deliberately crashed an Airbus into the French Alps killing all 150 passengers and crew members.
Image Source: YouTube