John McAfee, everyone's favorite fugitive and unhinged former CEO, is defending security researcher Chris Roberts, who made headlines last week after the FBI claimed he hacked into an airplane mid-flight through vulnerabilities he found in its in-flight entertainment system.
According to a search warrant application, Roberts told the FBI he hacked into the control systems of Airbus and Boeing aircraft, using a modified ethernet cable to connect to a port on the Seat Electronic Box (SEB) located underneath the passenger seat. It said that on at least one occasion, he slightly increased the thrust of the plane's right engine, causing it to veer slightly to the left. Roberts also admitted to running similar tests 15 to 20 times between 2011 and 2014, the document states. He was detained in April after he tweeted a joke about how he could hack a plane while aboard a United Airlines flight to Syracuse, New York.
In a YouTube interview published by WeAreChange, McAfee describes Roberts as a friend and a "man with a good heart" who has "shown us a tremendous flaw" in commercial airliners that has been ignored by the Transportation Security Administration. He points out that the pilots didn't notice Roberts' tests and claims that even if they had, they would have easily been able to regain control by shutting down the computer-aided flight system.
"When we point out that, wait, you've taken our freedoms but you've really given us no security, they point the finger at the people who have shown us this and say 'you're a bad man,'' he said. "We can't let this stand. Because if Chris goes down, all of us in the security profession, we go down too—not with him, but soon after."
The Electronic Frontier Foundation quickly came to Roberts' aid following his detention, asking United and other companies to "recognize that researchers who identify problems with their products in order to have them fixed are their allies." A recent report from the Government Accountability Office seems to back up much of what Roberts' research is warning about. The Federal Aviation Administration has also been warning about the dangers of not properly segregating passenger-side Wi-Fi networks and entertainment systems from the rest of the aircraft since as early as 2008.
But since the FBI released its affidavit describing him messing with live engines, Roberts' methods have been widely criticized as irresponsible "stunt hacking" by security experts, including Alex Stamos, Yahoo's chief information security officer.
"You cannot promote the (true) idea that security research benefits humanity while defending research that endangered hundreds of innocents," he wrote on Twitter.
The incident also highlights how companies (in this case, the airline industry) are often secretive and reluctant to respond when researchers find critical vulnerabilities in their products and software. Even as the FBI investigates Roberts for commandeering an aircraft, Boeing is dismissing the flaw that supposedly allowed him to do so and refusing to discuss the plane's security (or lack thereof) for—you guessed it—security reasons.