Airlinerwatch

Boeing 787 may be vulnerable to cyber attacks, expert claims

Madrid, Spain - A cybersecurity expert claims that security flaws in the Boeing 787's avionics network make the aircraft vulnerable to remote attacks.

Last year, Ruben Santamarta, a Spanish cyber security expert, ran across a server on Boeing's network that was full of code designed to run on the internal systems of the manufacturer's Boeing 737 and 787 planes.

According to Ruben, the server was fully unprotected and open to public access. Ruben downloaded everything he could access.

He decided to take a deeper look at the code used to run the Boeing 787's internal network. What he discovered greatly surprised him.

Multiple security vulnerabilities in the code could enable hackers to gain access to the avionics network of the aircraft, which is known as "Crew Information Systems Network".

Ruben publicly disclosed his findings on blackhat.com on August 7.

The crew information systems network, which belongs to a core network component in the 787, could be exploited by attackers via memory corruption, stack overflows, and DDoS attacks, Ruben claims.

In contrast to Ruben's claim, Boeing says the 787's network defense wouldn't allow hackers to access the system with these methods.

Boeing gets its systems tested by IOActive, a cyber security and penetration testing company.

"IOActive's scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system," a Boeing spokesperson said.

"After working with IOActive to understand its research, Boeing and its partners tested their findings in integrated environments, both in labs and on an airplane. Our extensive testing confirmed that existing defenses in the broader 787 network prevent the scenarios claimed."

But Ruben notes that an attacker exploiting the firmware could bypass security controls and access the "Crew Information System" on the network.

IOActive, meanwhile, says Boeing is misinterpreting Ruben's findings.

"We have and will very clearly state the limitations of our purview in this research. We believe these limitations are clearly described in our white paper at a level even a layperson is able to comprehend," said John Sheehy, director of strategic security services at IOActive.

Ruben carried out his research in a lab environment and says that it is hard to determine the ultimate effect on the system without access to an actual Boeing 787.

"We don't know if those units are encrypted or digitally signed or how those units are verified, so I don't know if you can really affect the functionality or state of those critical units," he told the cyber security portal Dark Reading.

"We don't know what can be done after that because we don't have the avionics hardware" to test it, Ruben also added.

Boeing said that the company consulted with the Federal Aviation Administration and the Department of Homeland Security about Ruben's claims.

DHS didn't respond to a comment request by Wired, but an FAA spokesperson told the magazine that the agency is satisfied with the manufacturer’s assessment of the issue.