Leaked Boeing Code Reveals Possible 787 Dreamliner Security Risks

Boeing may be in for another round of legal woes after a leaked code hinted at possible security flaws in the 787 Dreamliner's system.

Ruben Santamarta, a researcher for computer security firm IOActive, claimed that he discovered issues in the jet airliner's Crew Information Service/Maintenance System (CIS/MS), which could leave its multi-tiered network vulnerable to cyber attacks.

In an article by tech website Wired, Santamarta said he came across the 787 Dreamliner code via an unprotected Boeing server back in September. He then proceeded to review the system for potential vulnerabilities.

He explained that if hackers were to exploit the flaw, they would be able to take control of the jet airliner's in-flight entertainment system and use it to access its safety-critical systems such as flight sensors and controls.

Boeing's Crew Information Service/Maintenance System

The CIS/MS was designed to handle the Dreamliner's maintenance and other system applications. It is also responsible for the plane's electronic flight bag, which is a collection of manuals and navigation documents used by Boeing pilots.

Santamarta believes the vulnerability that he found could grant illegal access to the Dreamliner's key operational systems, such as engine, brakes, and sensors, via the in-flight entertainment system.

Boeing denied Santamarta's claims that there is a flaw in the plane's system. It maintained that the airplane has security barriers that would prevent hackers from launching a cyber attack.

In its statement, Boeing said the scenarios mentioned in IOActive's report cannot affect any essential or critical airplane systems. They also do not describe a means for hackers to access any of the Dreamliner's important systems such as its avionics system.

The aerospace company pointed out that IOActive only reviewed one part of the jet airliner's network using simple tools, and that it did not have access to the plane's larger system or even its working environments.

Boeing said IOActive ignored the aircraft maker's verified results and limitations in its review. It accused the cybersecurity firm of making provocative statements that suggested it had access to the Dreamliner's working system and had analyzed it.

Cybersecurity Threat

While Santamarta did admit that he did not have full access to the jet airliner or its design to confirm his claims, he and other experts who have reviewed his report believe the vulnerabilities in jet airliner's code point to Boeing's lack of attention on cybersecurity.

The security researcher asserted that his findings help reveal how an actual hacking technique might be pulled off on an airplane.

"We don't have a 787 to test, so we can't assess the impact," Santamarta told Wired.

"We're not saying it's doomsday, or that we can take a plane down. But we can say: This shouldn't happen."

Santamarta is set to present his research at the Black Hat security conference in Las Vegas, Nevada.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics