At the Black Hat conference on August 7, 2019, in Las Vegas, IOActive’s cybersecurity expert Ruben Santamarta revealed that he had identified several vulnerabilities in the Boeing server that could allow an attacker to gain access to a 787 Dreamliner’s network. In September 2018, Santamarta had discovered that a Boeing server containing the code of 737 and 787 passenger jets was left unprotected; because of this, he was able to download that code and study it, which is how he discovered the vulnerability.
A Boeing 787's systems are categorized into three networks: the first comprises components that aren't sensitive; the second has slightly more important components; and the third is where the important avionics gear resides. The vulnerability was found in the Crew Information Service/Maintenance System (CIS/MS) application, held in the second network, and security researchers believe that attackers can gain access to the avionics component, communication channels, flight controls, and sensors by exploiting this vulnerability.
According to a report by Wired, Boeing denied the claims, saying, “IOActive’s scenarios cannot affect any critical or essential airplane system, and do not describe a way for remote attackers to access important 787 systems like the avionics system.” They also claimed that IOActive isn't qualified to arrive at this conclusion, as it doesn't have access to the entirety of Boeing’s network; Boeing even tested the defenses of the existing security systems to disprove the accusation.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.