WASHINGTON — United Airlines stopped a prominent Denver security researcher from boarding a California-bound flight late Saturday, after a social media post by the researcher days earlier suggesting the airline’s onboard systems could be hacked.
The researcher, Chris Roberts, attempted to board a United flight from Colorado to San Francisco to speak at a major security conference there this week, but he was stopped by the airline’s corporate security at the gate. Roberts founded One World Labs in Denver, which tries to discover security risks before they are exploited.
Roberts had been removed from a United flight on Wednesday by the FBI after landing in Syracuse, N.Y., and was questioned for four hours after jokingly suggesting on Twitter he could get the oxygen masks on the plane to deploy. Authorities also seized Roberts’ laptop and other electronics, although his attorney says he hasn’t seen a search warrant.
An attorney for Roberts said United gave him no detailed explanation Saturday why he wasn’t allowed on the plane, saying instead the airline would be sending Roberts a letter within two weeks stating why they wouldn’t let him fly on their aircraft.
“He’s made comments about manipulating aircraft systems and for that reason, we elected to cancel his reservation and refund his ticket,” said airline spokesman Rahsaan Johnson on Sunday to The Denver Post. “We reached out to him in advance, before he got to the airport. I think he may have chosen to go to the airport anyway.”
An attorney for Roberts said Sunday that when his client received that call, the caller would only say he or she was from United and wouldn’t give Roberts a name or callback number. When Roberts then tried calling the number back from his phone’s caller ID, it rang instead to a resort hotel, and Roberts assumed it was a prank call, Roberts’ lawyer said.
A spokesman for Denver International Airport, Heath Montgomery, said Sunday that what happened is a customer service issue for United. “It’s their prerogative to either allow or disallow a customer to fly,” Montgomery said.
Roberts took an alternate flight on Southwest Airlines and arrived in San Francisco on Saturday evening. He speaks this week at the RSA Conference about computer security vulnerabilities.
In recent weeks, Roberts gave media interviews in which he discussed airline system vulnerabilities.
“Quite simply put, we can theorize on how to turn the engines off at 35,000 feet and not have any of those damn flashing lights go off in the cockpit,” he told Fox News.
Roberts also told CNN he was able to connect to a box under his seat at least a dozen times to view data from the aircraft’s engines, fuel and flight-management systems.
Johnson told The Associated Press that United is confident its systems can’t be accessed through the techniques that Roberts’ described.
“It is disappointing that United refused to allow him to board, and we hope that United learns that computer security researchers are a vital ally, not a threat,” said Nate Cardozo, a staff attorney with the San Francisco-based Electronic Frontier Foundation, which represents Roberts.
The FBI declined to comment on the matter Sunday.
Denver Post staff writer Elizabeth Hernandez contributed to this report.
