Chris Roberts, co-founder of research firm One World Labs and self-confessed hacker, whom we reported on roughly a month ago, seems to have landed himself in even more hot water.
The eagle-eyed among you will remember that roughly a month ago we covered a story in which a hacker tweeted about “playing” with a plane’s systems whilst in-flight.
That hacker was Chris Roberts and that plane was a Boeing 737-800 run by United Airlines, who have since banned Roberts completely from their flights.
This wasn’t the last of it, however. Forbes took a look at Roberts’ past tweets and, as they put it, they “provide all in the industry with a timely reminder of what maybe shouldn’t be said in public.”
This, coupled with alleged FBI evidence that Roberts has hacked planes in the past whilst in-flight, which Roberts refutes, has landed him in further hot water.
Crime? And punishment
Roberts claims that the FBI “incorrectly compressed” his research, although his Twitter history doesn’t do him any favours.
As detailed in the follow-up Forbes article, Roberts tweeted about hacking planes, cars and even the “Mars Rover Curiosity”. One of the planes he tweeted about hacking was “Air Force One”; if that doesn’t get you on a government list, we don’t know what does.
We asked Mark James, ESET security specialist, whether he thought the punishment was justified or a little on the harsh side.
Mark believes that any threat should be taken seriously but “there are right and wrong ways to bring software or hardware faults to the developers’/manufacturers’ attention and this clearly was the wrong way.
“We should encourage the means to identify potential problems but they also should be tested in a safe environment, ideally working with the company it affects.”
A large part of the problem (potentially) is that the airline has (allegedly) a mountain of evidence and flippant tweets to level against Roberts, even if his concerns about plane security are 100% factual.
All of the ‘potentially’s’ and ‘allegedly’s’ are a big issue as it stands: we just aren’t sure if these exploits are a real danger and to what extent they exist. We can only hope that the public’s safety doesn’t become secondary during this dust-up.
The truth, the whole truth…
A few security experts, including our own Mark James, have expressed their scepticism as to whether the various exploits that Roberts claims to have achieved are actually possible.
Prof Alan Woodward of Surrey University told the BBC that he found it “difficult to believe”, explaining that “flight systems are typically kept physically separate, as are any safety critical systems.”
Mark, mirroring Prof Woodward’s sentiment, finds it difficult to believe and finds it “very hard to imagine that these systems are linked in any way.
“Access for the public should never ever come in contact with any internal systems no matter how it’s configured or ‘protected’; they should be physically separated by hardware with no common components.”
We highly doubt that this is the last we’ve heard on this story and will keep you updated via our blog if there are any significant changes.
What do you think about the punishment? Do you think Roberts has successfully ‘hacked’ a plane as he describes?