IOActive's security researcher reveals possible Boeing 787's security vulnerabilities at the BlackHat conference.

At the BlackHat conference on August 7, 2019, in Las Vegas, IOActive’s cybersecurity expert Ruben Santamarta revealed that he identified several vulnerabilities in the Boeing server that could allow an attacker to gain access to a 787 Dreamliner’s network. In September 2018, Santamarta had discovered that a Boeing server that contained the code of 737 and 787 passenger jets was left unprotected; because of this, he was able to download that code and learn from it, thereby discovering the vulnerability.

A Boeing 787's systems are categorized into three networks: The first is comprised of components that aren't sensitive; the second has slightly more important components; and the third is where the important avionics gears reside. The vulnerability was found to be in the Crew Information Service/Maintenance System (CIS/MS) application, held in the second network, and security researchers believe that attackers can gain access to the avionics component, communication channels, flight controls, and sensors by exploiting this vulnerability.

What was Boeing's response?

According to a report by Wired, Boeing denied the claims, saying, “IOActive’s scenarios cannot affect any critical or essential airplane system, and do not describe a way for remote attackers to access important 787 systems like the avionics system.” They also claimed that IOActive isn't qualified to arrive at this conclusion, as it doesn't have access to the entirety of Boeing’s network; Boeing even tested the defenses of the existing security systems to disprove the accusation.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.