That's plane crazy, says Dreamliner maker
Black Hat A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing.
Boeing, however, insists the software on the second network cannot be exploited as IOActive described, nor can a miscreant direct the avionics from other networks, due to restrictions in place, such as hardware filters that only allow data to flow between networks rather than instructions or commands.
“We have got very limited data, so it’s impossible to say if the mitigation factors Boeing say they have work.
They told us work-in-progress software destined for the 787 was stored on a server belonging to the aircraft manufacturer's research and development labs.
This box had been, like so many databases and other systems recently, accidentally left open to the internet, which isn't particularly wise.