Saturday, 18 April 2015

FBI Pulls Computer Security Expert Off Flight, After He Tweets About Hacking Its Systems

Computer security experts tend to be suspicious souls. Sometimes, though, others become suspicious of them. Chris Roberts, a Colorado-based security fiend, took to Twitter to nudge United Airlines about what he believes is a weakness in its security systems.

His tweet from on board a United flight on Wednesday read: "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)"
This wouldn't necessarily sound like English to everyone. However, as CNN reports, his specialty is aircraft security systems.

He and the company he works for, One World Labs, have for some time nagged Airbus and Boeing. Their concern is how easy it allegedly is to connect a laptop to a box beneath an airline seat and witness many of the plane's systems in action.

Roberts says that after his tweet -- which specifically referenced the notion that he could get the oxygen masks to deploy -- he was pulled from the plane by the FBI.

He says he had all his computer gear taken from him, as well as having many questions tossed at him. I have contacted the FBI for confirmation and to ask how the tweet came to its notice. I will update, should I hear. CNN reported that United wasn't offering any comment of its own but was instead deferring to the FBI. Nevertheless, I've contacted the airline as well and will update this story with any new information.

Since his detainment, Roberts has continued to tweet about it. He laughed about United sending him an email wanting to know about his latest flight experience.

Today, he was on another flight and tweeted: "Ok made it TO plane in Syracuse...now let's see what happens :-) still NO warrant, and no electronics....."

And just hours ago, he tweeted that he was safely back in Colorado and hadn't been stopped by "suited agents."

Roberts' initial motivation, he told CNN, was simple: "I'm just so frustrated that nothing is getting fixed." He did admit, however, to having been "probably a little more blunt than I should have been."
I have contacted both Airbus and Boeing to ask what they feel about Roberts' allegations. I've not heard back yet from Airbus, but Boeing sent the following:
Boeing is committed to designing airplanes that are both safe and secure -- meeting or exceeding all applicable regulatory requirements for both physical and cybersecurity.

Boeing has put in place, and demonstrated to the airlines and regulatory agencies, the appropriate cybersecurity safeguards, both hardware and software.

IFE systems on commercial airplanes are isolated from flight and navigation systems. While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions.

Roberts told CNN that he's tried connecting to flight systems 15 to 20 times and seen all sorts of things, such as the flight management system. I have contacted Roberts directly for more information and will update, should I hear.

Given that he appears to have been allowed on another flight today, one imagines he's not deemed an actual security risk.

However, should someone next to you on a flight be plugging their laptop in to something beneath their seat, what would you do? I'd ask them for their business card, naturally.

Written by:
Chris Matyszczyk
Chris Matyszczyk is an award-winning creative director who advises major corporations on content creation and marketing....

Source:
cnet.com

No comments: