Security Researcher Removed from Flight Following Tweet about Security Risks
#1
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: LAX
Programs: oneword Emerald
Posts: 20,618
Security Researcher Removed from Flight Following Tweet about Security Risks
Overreaction?
Researcher denied flight after tweet poking United security
Roberts continued his trip on Southwest.
Computer researcher denied flight after tweet poking United about aircraft security
United Airlines stopped a prominent security researcher from boarding a California-bound flight late Saturday, following a social media post by the researcher days earlier suggesting the airline's onboard systems could be hacked.
<snip>
Roberts had been removed from a United flight on Wednesday by the FBI after landing in Syracuse, New York, and was questioned for four hours after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts' laptop and other electronics, although his lawyer says he hasn't seen a search warrant.
<snip>
When asked what threat Roberts posed if United's systems couldn't be compromised, Johnson said Sunday: "We made this decision because Mr. Roberts has made comments about having tampered with aircraft equipment, which is a violation of United policy and something customers and crews shouldn't have to deal with."
<snip>
Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft's engines, fuel and flight-management systems.
<snip>
The Government Accountability Office said last week that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks. "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," its report found.
<snip>
United Airlines stopped a prominent security researcher from boarding a California-bound flight late Saturday, following a social media post by the researcher days earlier suggesting the airline's onboard systems could be hacked.
<snip>
Roberts had been removed from a United flight on Wednesday by the FBI after landing in Syracuse, New York, and was questioned for four hours after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts' laptop and other electronics, although his lawyer says he hasn't seen a search warrant.
<snip>
When asked what threat Roberts posed if United's systems couldn't be compromised, Johnson said Sunday: "We made this decision because Mr. Roberts has made comments about having tampered with aircraft equipment, which is a violation of United policy and something customers and crews shouldn't have to deal with."
<snip>
Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft's engines, fuel and flight-management systems.
<snip>
The Government Accountability Office said last week that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks. "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," its report found.
<snip>
#3
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles; FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: LAX
Programs: oneword Emerald
Posts: 20,618
Tweeting is one way of promoting the services offered by his employer, One World Labs.
#4
Join Date: Apr 2003
Location: Seattle, Wash. USA
Posts: 1,531
Tweeting is one way of promoting the services offered by his employer, One World Labs.
#7
Join Date: Sep 2012
Location: FRA
Programs: MileagePlus Premier Silver, IHG Spire Elite, HHonors Silver, RapidRewards
Posts: 382
Why not tweet? It's not a crime. In the US it's protected free speech*.
Regardless of how mainstream media may be warping this, legitimate security researchers like this guy do the public a great service that rarely even gets recognized. If anything, they should hire him to pen test their fleet.
*Unless you're making a threat, which he wasn't.
Regardless of how mainstream media may be warping this, legitimate security researchers like this guy do the public a great service that rarely even gets recognized. If anything, they should hire him to pen test their fleet.
*Unless you're making a threat, which he wasn't.
#8
Join Date: Apr 2003
Location: Seattle, Wash. USA
Posts: 1,531
Is a pejorative fitting when he called media attention to a security vulnerability?
Discussion of this issue by security professionals can be found here.
Discussion of this issue by security professionals can be found here.
http://www.wired.com/2015/05/feds-sa...ndeered-plane/
#9
Join Date: Jun 2012
Posts: 729
That Wired article is also criticized on the blog I linked. Try again.