Airline bars passenger from flight over “security threat” tweet

SAN FRANCISCO, CA – A prominent security researcher was stopped from boarding a California-bound flight late on Saturday, following a social media post by the researcher days earlier that suggested the airline’s onboard systems could be hacked.

The researcher, Chris Roberts, attempted to board a United Airlines flight from Colorado to San Francisco to speak at a major security conference there this week, but was stopped by the airline’s corporate security at the gate. Roberts founded One World Labs, which tries to discover security risks before they are exploited.

Roberts had been removed from an earlier United flight on Wednesday by the FBI and questioned for four hours, after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized his laptop and other electronics.

A lawyer for Roberts said United gave him no detailed explanation on Saturday why he wasn’t allowed on the plane, saying instead the airline would be sending Roberts a letter within two weeks stating why it wouldn’t let him fly on its aircraft.

“Given Mr Roberts’ claims regarding manipulating aircraft systems, we’ve decided it’s in the best interest of our customers and crew members that he not be allowed to fly United,” said airline spokesman Rahsaan Johnson. “However, we are confident our flight control systems could not be accessed through techniques he described.”

Johnson did not respond to a follow-up question on why Roberts would still be a threat if he couldn’t, in fact, compromise United’s control systems.

In recent weeks, Roberts gave media interviews in which he discussed airline system vulnerabilities. “Quite simply put, we can theorise on how to turn the engines off at 35,000ft and not have any of those damn flashing lights go off in the cockpit,” he told Fox News.

Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft’s engines, fuel and flight-management systems.

“It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat,” said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts.

The Government Accountability Office said last week that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks.

“Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems,” its report found.

Roberts took an alternate flight on Southwest Airlines and arrived in San Francisco Saturday evening. He speaks this week at the RSA Conference about computer security vulnerabilities.