That's plane crazy, says Dreamliner maker
Black Hat A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing.
Boeing, however, insists the software on the second network cannot be exploited as IOActive described, nor can a miscreant direct the avionics from other networks, due to restrictions in place, such as hardware filters that only allow data to flow between networks rather than instructions or commands.
“We have got very limited data, so it’s impossible to say if the mitigation factors Boeing say they have work.
They told us work-in-progress software destined for the 787 was stored on a server belonging to the aircraft manufacturer's research and development labs.
This box had been, like so many databases and other systems recently, accidentally left open to the internet, which isn't particularly wise.
He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it.
He suggests that for a hacker, exploiting those bugs could represent one step in a multistage attack that starts in the plane’s in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.
But he and other avionics cybersecurity researchers who have reviewed his findings argue that while a full-on cyberattack on a plane's most sensitive systems remains far from a material threat, the flaws uncovered in the 787's code nonetheless represent a troubling lack of attention to cybersecurity from Boeing.
An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.
But he says his research nonetheless represents a significant step toward showing the possibility of an actual plane-hacking technique.
"IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system," the company's statement reads.
The test is a pivotal moment in Boeing’s worst-ever corporate crisis, long since compounded by the COVID-19 pandemic that has slashed air travel and jet demand.
