This Hacker Wants to Save the U.S. Airline Industry
Business + Economy

This Hacker Wants to Save the U.S. Airline Industry

REUTERS/Lisi Niesner

Chris Roberts says he didn't mean any harm. The security researcher was detained by the FBI last week after he tweeted—while on an airplane—about airline vulnerabilities to cyber attacks. Roberts said that when his plane landed, he was detained by law enforcement.

"I landed into Syracuse," Roberts told CNBC. "Everybody on the plane was told to sit down. Two uniformed officers and two FBI agents came onto the plane. I got taken off the plane—very civilized gents, very nice guys. And then a third gent joined them, and we had a several-hour lengthy conversation."

Related: Wanted: 3,000 Hackers for Cool Pentagon Jobs

Then on Saturday, Roberts said he was on his way to a United Airlines flight to San Francisco for the annual RSA cyber security conference when the airline told him he would not be allowed on the flight or allowed to fly United again.

Roberts, the founder and chief technology officer of the cybersecurity firm One World Labs, says he has discovered a vulnerability in airline entertainment software that could allow hackers to seize aircraft controls. And his tweeting and public commentary about the alleged vulnerability has attracted the attention of the airlines and law enforcement.

Asked if he's a threat to the U.S. aviation system, Roberts said no. "What I'm trying to do is help, actually, U.S. aviation get a lot safer," he said.

Roberts said he's found a way hackers could control a number of the vital control systems of an airplane in flight. 

Related: Why America's Planes Are in Danger of Cyber Attack

"The research we've done definitely indicates that you can influence the control interfaces that obviously keep the planes in the sky," he said. "We can mess around with what's known as the fader controllers, which obviously control the engines. We've obviously done a little research on the fuel balancing system, the thrust control systems, and obviously, in the tweet in particular, the emergency control systems."

Roberts said that as he was set to fly to San Francisco for the conference, United told him he could not fly.

"Ten minutes before takeoff I was approached by some very nice United people," he said. "They said, 'We apologize. You will not be allowed on this evening's flight or United again.'"

United Airlines confirms that it will not allow Roberts to fly on its planes. 

Related: Your Next Flight Could Be Hit by Cyber Attack

"Given Mr. Roberts' claims that he has manipulated aircraft systems while in flight, a clear violation of United policy, we've decided it's in the best interest of our customers and crew members that he not be allowed to fly United," said United Airlines spokesman Luke Punzenberger in a statement. "Notwithstanding his attempts, we are confident our flight-control systems could not be accessed through techniques he described."

A spokesperson for the FBI declined to comment. But former FBI agent Shawn Henry, who is now the president of the cybersecurity firm CrowdStrike, said he sees Roberts as a "white hat" hacker.

"I think Chris Roberts is looking to raise the awareness of what the real risks are," Henry said. "And he's using social media and the media writ large as a platform to get that message out." 

Roberts said he eventually found another airline that would let him fly: Southwest.

This article originally appeared in CNBC.

Read more at CNBC:
Millionaire Robert Durst to cops: I want my $161K
California copper thieves knocking out water pumps
Shrinking airline seats may be bad for your healt