Researcher Denied Airline Flight After Tweet About Hacking
By THE ASSOCIATED PRESS
WASHINGTON — United Airlines stopped a prominent security researcher from boarding a California-bound flight late Saturday, following a social media post by the researcher days earlier suggesting the airline's onboard systems could be hacked.
The researcher, Chris Roberts, attempted to board a United flight from Colorado to San Francisco to speak at a major security conference there this week, but was stopped by the airline's corporate security at the gate. Roberts founded One World Labs, which tries to discover security risks before they are exploited.
Roberts had been removed from an earlier United flight Wednesday by the FBI after landing in Syracuse, New York, and was questioned for four hours after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts' laptop and other electronics, although his lawyer says he hasn't seen a search warrant.
A lawyer for Roberts said United gave him no detailed explanation Saturday why he wasn't allowed on the plane, saying instead the airline would be sending Roberts a letter within two weeks stating why they wouldn't let him fly on their aircraft.
"Given Mr. Roberts' claims regarding manipulating aircraft systems, we've decided it's in the best interest of our customers and crew members that he not be allowed to fly United," airline spokesman Rahsaan Johnson told The Associated Press. "However, we are confident our flight control systems could not be accessed through techniques he described."
When asked what threat Roberts posed if United's systems couldn't be compromised, Johnson said Sunday: "We made this decision because Mr. Roberts has made comments about having tampered with aircraft equipment, which is a violation of United policy and something customers and crews shouldn't have to deal with."
Johnson said the airline reached Roberts several hours before his flight to tell him he couldn't fly. But a lawyer for Roberts said Sunday that when his client received that call, the caller would only say he or she was from United, and wouldn't give Roberts a name or callback number. When Roberts then tried calling the number back from his phone's caller ID, it rang instead to a resort hotel, and Roberts assumed it was a prank call, Roberts' lawyer said.
In recent weeks, Roberts gave media interviews in which he discussed airline system vulnerabilities. "Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit," he told Fox News.
Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft's engines, fuel and flight-management systems.
"It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat," said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts.
Cardozo said Sunday he hasn't seen a copy of a search warrant that would have been used to seize Roberts' electronics, and that he's working to get the devices returned.
The FBI declined to comment on the matter Sunday.
The Government Accountability Office said last week that some commercial aircraft may be vulnerable to hacking over their onboard wireless networks. "Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems," its report found.
Roberts took an alternate flight on Southwest Airlines and arrived in San Francisco Saturday evening. He speaks this week at the RSA Conference about computer security vulnerabilities.
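Hacking Into Aircraft Computers: Expert Exposes Flight-Safety Flaws
To highlight flight-safety vulnerabilities at U.S. airlines, American computer hacker Chris Roberts used his personal computer on several occasions between 2011 and 2014 to hack into in-flight entertainment systems while he was a passenger, briefly taking control of the aircraft and changing its course. He even once put one engine into climb mode, causing the plane to briefly bank and fly sideways.
Roberts, founder of the U.S. information security firm One World Labs, took a United Airlines flight from Chicago to Syracuse, New York, on April 16. While on board, he hinted in a tweet on the social network Twitter that he could hack into the onboard computer system and make all the oxygen masks drop. After the plane landed, Roberts was taken off the aircraft by aviation police and arrested by the U.S. Federal Bureau of Investigation (FBI), then released without charge four hours later.
Canada's APTN on the 5th was the first to make public the FBI search warrant served on Roberts on April 17. It states that Roberts "wiggled and squeezed" the cover of the "in-flight entertainment system" box under the seat to remove it, used a modified adapter and an Ethernet cable to connect his laptop to the in-flight entertainment system, logged in with default account credentials, overwrote the "flight management computer," and issued a climb command or made the aircraft briefly change course.
Roberts had not expected the contents of the search warrant to become public. He said: "What worries me most is the many conversations with the FBI. They promised those things would not be made public, but that is clearly not the case. What the reports revealed is only a small part of many discussions, and a lot was left out, but I cannot disclose what that is."
Roberts began investigating flight-safety flaws six years ago, after obtaining flight manuals and wiring diagrams for various aircraft models. He reported flight-safety problems directly to the two major aircraft manufacturers but received no response. In February, Roberts told an FBI agent that he had hacked into the in-flight entertainment systems of aircraft including the Boeing 737 and 757 and the Airbus A320 between 15 and 20 times.
Blasco, head of the antivirus software company AlienVault Labs, tweeted, "Hard to believe, but if true, he should be in jail." Yahoo chief information security officer Stamos criticized the idea that hundreds of fellow passengers should have their lives put at risk in the name of security research.
Original article: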
http://www.nytimes.com/aponline/2015/04/20/us/ap-us-travel-security-researcher-airline.html
2015-05-18. United Daily News (聯合報). A13. International. Compiled and translated by 陳韻涵