Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Security Technology

A Boeing Code Leak Exposes Security Flaws Deep In a 787's Guts (wired.com) 177

An anonymous reader quotes a report from Wired: Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it. So he downloaded everything he could see. Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs could represent one step in a multistage attack that starts in the plane's in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.

At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called electronic flight bag, a collection of navigation documents and manuals used by pilots. Santamarta says he found a slew of memory corruption vulnerabilities in that CIS/MS, and he claims that a hacker could use those flaws as a foothold inside a restricted part of a plane's network. An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors. Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible.
Boeing said in a statement that it had investigated IOActive's claims and concluded that they don't represent any real threat of a cyberattack. "IOActive's scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system," the company's statement reads. "IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we're disappointed in IOActive's irresponsible presentation."

Boeing says the company put an actual Boeing 787 in "flight mode" to test and try to exploit the vulnerabilities. They found that they couldn't carry out a successful attack.
This discussion has been archived. No new comments can be posted.

A Boeing Code Leak Exposes Security Flaws Deep In a 787's Guts

Comments Filter:
  • by iggymanz ( 596061 ) on Wednesday August 07, 2019 @05:44PM (#59060006)

    Hardly any of their planes fall out of the sky do to design flaws or poor QC

    • by Anonymous Coward

      Which is actually true. So being fearful of an attack on an airplane is ridiculous. You have far higher odds of dying at home or on the way to the airport. Or eating airplane food.

      • by Anonymous Coward

        "So being fearful of an attack on an airplane is ridiculous." - Not really, it's as valid a fear as anything else. It's actually likely to happen, whatever low odds of 'you' being involved do not necessarily define the fear's scope or validity.

        It will no doubt be something we see at some point if Boeing keeps leaving its important back-end network source code in public places for a world of very, very highly technical and angry people to pore over for a few years.

        Those planes aren't going to be upgraded o

      • Re: (Score:2, Flamebait)

        by sjames ( 1099 )

        That it's literally true is the joke. Kinda like a daycare that boasts it "rarely loses a child" or a restaurant that proudly proclaims no food poisoning deaths so far this month.

    • by Tablizer ( 95088 )

      At least no snakes have been found. Although, with Boeing's luck...

      • by dgatwood ( 11270 ) on Wednesday August 07, 2019 @07:24PM (#59060460) Homepage Journal

        At least no snakes have been found. Although, with Boeing's luck...

        Probably only because nobody looked in the permanently sealed compartments....

        Little did the passengers know that every 787 had an anaconda lurking in its bowels, surviving on leftover food scraps that fell through the ventilation ducts by their feet. It lay in wait — hungry, angry, wanting only to devour.

      • by rtb61 ( 674572 ) on Wednesday August 07, 2019 @10:36PM (#59061128) Homepage

        No snakes on the planes (except sometimes in first class) but in Boeing's boardroom, now that's a different story entirely. Boeing says, yeah but who gives a fuck, everyone knows now Boeing lies and they lie a lot and they will quite happily lie you nose first straight into the ground at hundreds of kilometres an hour, don't worry Boeing will claim it was all your fault.

        Everyone ready for the massive Billion dollar Boeing bailout, you know it is coming, how is will they pay the executive bonuses.

    • by blindseer ( 891256 ) <blindseer@noSPAm.earthlink.net> on Wednesday August 07, 2019 @07:20PM (#59060436)

      Agreed. It appears that the greatest threat to aircraft are the powerful storms that appear over the Iberian peninsula. Or, in other words, the planes in Spain fall mainly in the rain.

      Because of global warming, no doubt.

    • Hackers are also not trustworthy. There's a reason one of the most popular hacking books in the last decade is called POF||GTFO [nostarch.com], because of too many sensationalistic claims by hackers (or "security researchers" who are even worse because they are just trying to get free advertising for their company).
  • by marcle ( 1575627 ) on Wednesday August 07, 2019 @05:51PM (#59060046)

    We have investigated ourselves and find the allegations to be baseless.

  • by charlie merritt ( 4684639 ) on Wednesday August 07, 2019 @06:00PM (#59060094)

    An Open Source airliner. Does that make you more, or less confident?

  • Boeing is having a really really bad year. They should boot the CEO to at least give investors a spot of hope.

  • by DanDD ( 1857066 ) on Wednesday August 07, 2019 @06:04PM (#59060112)

    Boeing is worthy of criticism, maybe even outright condemnation, but don't think for a minute that the likes of Airbus (and others) are beyond trumping up a bit of hysteria to gain a bit of an advantage in manipulating someone's orders and stock price - their own and/or Boeings.

    IOActive (the security firm behind this article) has a strong European presence. Of the addresses listed on IOActive's contact page, one is US, two are European, and one is in Dubai. I suspect there's much more to this story than meets the eye.

    and:

    Boeing says the company put an actual Boeing 787 in "flight mode" to test and try to exploit the vulnerabilities. They found that they couldn't carry out a successful attack.

    Carrying out a successful cyber attack on a 787 would likely require activities and physical connections that would be rather alarming to passengers and flight crew. Just because an 'attack' is possible doesn't mean it's realistic or credible. Sometimes the biggest damage and risk of a threat is simply pointing at it and yelling 'Fire!'

    • by Anonymous Coward

      You're far more likely to die in an unmaintained Lyft than you are any other way.

    • by WaffleMonster ( 969671 ) on Wednesday August 07, 2019 @06:31PM (#59060254)

      Boeing is worthy of criticism, maybe even outright condemnation, but don't think for a minute that the likes of Airbus (and others) are beyond trumping up a bit of hysteria to gain a bit of an advantage in manipulating someone's orders and stock price - their own and/or Boeings.

      Do you have any evidence of this or are you just gracing us with unsubstantiated drivel?

      IOActive (the security firm behind this article) has a strong European presence. Of the addresses listed on IOActive's contact page, one is US, two are European, and one is in Dubai.

      This makes perfect sense to me. Every Seattle based company located in Boeings backyard /w offices in Europe is an Airbus stooge.

      I suspect there's much more to this story than meets the eye.

      I suspect you are a paid shill for Boeing.

    • If an in-flight entertainment system has a web browser you could easily perform a hack unnoticed by navigating to a web server you prepared ahead of time to attack the system starting from the web browser.
      • If an in-flight entertainment system has a web browser

        And if the inflight system has a command line interface with a poorly passworded sudo ...

        These "hacks" require getting access to the system where the "electronic flight bag" is maintained. "There's a buffer overflow exploit" requires being able to put something into the buffer.

        Don't know about systems other than on United, but their in-flight system has no text entry method. About the most complicated entry method is a credit card swipe. I doubt that this entry method has a buffer overflow that will get

        • by Anonymous Coward

          "About the most complicated entry method is a credit card swipe."

          So just bring a 3 feet long credit card.

    • Years ago, Boeing had indicated that the infotainment network, the CIS/MS, and the avionics network are physically independent. If the researcher found a way to jump from the infotainment network to the CIS/MS network, that is a significant development. Moreover, IIRC the CIS/MS network has radio links to the ground network.

      But, even being able to impact the CIS/MS network is a pretty big potential impact from a security risk level.

      • If the researcher found a way to jump from the infotainment network to the CIS/MS network, that is a significant development.

        It would be, especially if the CIS/MS system was somehow flight critical. What he actually said was "An attacker could potentially pivot, Santamarta says, ...", which means he hasn't found an actual way of doing this.

        Moreover, IIRC the CIS/MS network has radio links to the ground network.

        Do you know, I once saw on a TV program how the flight control system on a major airliner could be completely reprogrammed by someone riding on the top of a car while the airplane made a low, slow pass overhead? That's scary. The system had to be reprogrammed because, even though the pilot cou

      • by AmiMoJo ( 196126 )

        Those networks clearly are not completely independent because they share data. Boeing even says as much.

        That map you get on the infotainment system? At the very least it must be getting data on current position, speed, altitude and heading from the aircraft's other systems. Unless they fitted a duplicate set of sensors just for it (unlikely) then those will be the same systems feeding the avionics and CIS/MS network.

        Of course it could still be completely safe. Consider a link that consists of a one-way opti

        • That map you get on the infotainment system? At the very least it must be getting data on current position, speed, altitude and heading from the aircraft's other systems.

          I got it! I came up with the hack! If you READ TOO MUCH DATA from the navigation system you can overflow the navigation system output buffer and cause remote code execution!

          There is a well-defined standard interface for transmission of navigation data called NMEA. It's a one-way serial interface, most often running at 4800 baud.

          Of course it could still be completely safe. Consider a link that consists of a one-way optically isolated serial data stream

          It doesn't even need to be optically isolated. Just please, can we stop getting hysterical predictions of how hackable this stuff is based on pure fantasy?

          Worst case is that it allows polling, i.e. a polling command is send over which could potentially be exploited.

          Pure fantasy.

          it's possible they have found something like that in the CIS/MS code.

          It's possible

          • by AmiMoJo ( 196126 )

            I'd definitely optically isolate something like that. An electrical fault one one side should not affect the other.

            • "Optically isolate" is not "unhackable" or "unidirectional". Optical isolation is an electrical protection which has zippo to do with whether the communications path is hackable or not. You do not need optical isolation to keep one network isolated from another to protect from exploits. In fact, a gigabit fiber connection is the ultimate in "optical isolation" and yet it allows data to pass both ways.

              Let's just stop making stuff up to spread fear and doubt, ok?

              • by AmiMoJo ( 196126 )

                How can an optically isolated link with only one emitter and one receiver be hacked from the receiver side?

                • How can an optically isolated link with only one emitter and one receiver be hacked from the receiver side?

                  By using the emitter/rcvr on the other direction's optical path. "Optically isolated" does not imply "unidirectional" in any way, shape, or form. Optical isolation is not necessary to prevent hacking, and by conflating the two issues you look poorly informed, at best.

        • Read only data, typically serial, and is usually broadcast from the more secure system to the other.

    • Airbus doesn't have to hype anything. Air France gave them an order for 50-70 A220s last week. Airlines are taking a hit from lack of capacity because the Boeing jets are grounded and nobody can say for certain that more problems won't be found.

    • Carrying out a successful cyber attack on a 787 would likely require activities and physical connections that would be rather alarming to passengers and flight crew. Just because an 'attack' is possible doesn't mean it's realistic or credible. Sometimes the biggest damage and risk of a threat is simply pointing at it and yelling 'Fire!'

      I think you might be forgetting about the climbing onto the landing gear as the plane is taking off, getting into the secret guts of the plane where no one can see you, and hooking some alligator clips up to an important looking fuse box thing vector.

      Often overlooked, always underestimated.

    • Carrying out a successful cyber attack on a 787 would likely require activities and physical connections that would be rather alarming to passengers and flight crew.

      You're making a lot of assumptions about what looks alarming in a plane where every idiot has some wires attached from their personal electronics to some point of a plane. Much more so when you take into account that a 787 is often flown long distances, i.e. the kind of plane where the snoring of the passengers is louder than the engines.

  • Why on earth would you put the infotainment system on the same network as critical systems, particularly those responsible for making sure people don't end up dead?
    • Why on earth would you put the infotainment system on the same network as critical systems, particularly those responsible for making sure people don't end up dead?

      To save money by not having to build out a separate network, or because they didn't understand VLANs or how to implement firewalls between networks?

      • It also saves weight. 3 times the network cabling and fittings saves hundreds of pounds if you can just break it up via software.

        • by jrumney ( 197329 )

          Except the cabling to the entertainment system is all inside the cabin, while the cabling to the control systems are between the cockpit and the wings and tail. You maybe save on a 75% of a single cable run from the cockpit to the tail by letting it share bandwidth and latency with 500 video streams.

          I'm inclined to believe Boeing here, the internet is full of people theorizing about hacks jumping from entertainment systems to control systems, but the only proven case is the Jeep that allowed its brakes to

          • You are dramatically underestimating the cable runs required for flight systems - multiple redundant paths to each control surface actuator from each avionics bay (fore and aft), multiple redundant paths to each avionics bay from the cockpit, plus the physical backup from the cockpit to each control surface from the cockpit, it all adds up.

            Not saying Boeing did it for weight reasons, but your comment is extremely far off base.

      • or because they didn't understand VLANs

        I've worked in a corporate environment with VoIP phones on separate VLANs with reserved bandwidth. There were plenty of occasions over the years when extreme network traffic on the computer network side took out the phone network in some areas too, just by taking their switch CPUs to 100% utilisation. Isolation at layer 2 is not enough for safety-critical environments.

      • by Shotgun ( 30919 )

        How much money could they possibly save by plugging two networks into each other?

    • Why on earth would you put the infotainment system on the same network as critical systems, particularly those responsible for making sure people don't end up dead?

      Calm down. They didn't. Nobody said they did. This "researcher" is hypothesizing a lot of non-existent stuff. "It's on the same airplane" is leading to the assumption "it's on the same network".

      • If it were the case that the systems were not attached to the same physical network then Boeing would not have been compelled to "test" their system after the fact to be able to make a statement. They would have been able to simply respond with "they're air gapped, separate and distinct networks with no ability to communicate across and therefore not vulnerable." The very fact that they performed the test meant that at some level they believed there was a possibility of a vulnerability whether or not ther
        • If it were the case that the systems were not attached to the same physical network then Boeing would not have been compelled to "test" their system after the fact to be able to make a statement. They would have been able to simply respond with "they're air gapped, separate and distinct networks with no ability to communicate across and therefore not vulnerable." The very fact that they performed the test meant that at some level they believed there was a possibility of a vulnerability whether or not there in fact is one. It is this, not the researcher's claims that direct the conclusion that they exist on the system physical network hardware even if firewalled, VLAN'd, etc..

          Given how complicated some systems can get it is worthwhile to check that the "air-gapped" system actually is.

        • The very fact that they performed the test meant that at some level they believed there was a possibility of a vulnerability whether or not there in fact is one.

          You're making it up, putting words in their mouths and telling us what they think when you have no clue.

          No, they could very well have done the testing knowing full well they'd find nothing, just to shut up the hysterical fiction being created about how hackable the system is. Can we just stop fantasizing all kinds of stuff? Please? If you have evidence of something, present it. If not, your made-up fear mongering is getting really tiring.

  • Classic mistake (Score:5, Insightful)

    by rgmoore ( 133276 ) <glandauer@charter.net> on Wednesday August 07, 2019 @06:16PM (#59060186) Homepage

    Boeing says the company put an actual Boeing 787 in "flight mode" to test and try to exploit the vulnerabilities. They found that they couldn't carry out a successful attack.

    This is a classic security mistake: believing that your own inability to exploit a weakness means that weakness can't be exploited by anyone. Just because you can't figure out how to do it doesn't mean nobody else can.

    • Just because you can't figure out how to do it doesn't mean nobody else can.

      ^^^THIS.

      They should print this out and hang it above the desk of every engineer and programmer.

  • Misdirection? (Score:5, Interesting)

    by ZenShadow ( 101870 ) on Wednesday August 07, 2019 @06:31PM (#59060256) Homepage

    I'm less worried about what this means for the 787, and more worried about what that unsecured server might allude to with respect to their defense work.

    How much else has been leaked? What about bits of the F18? Or the F22? Are there various people out there wandering around with copies of all of their software?

    Scary.

    • by mattyj ( 18900 )

      My guess is that it would be easier to just lay a missile into an F22 than for an enemy combatant to fly close enough to hack it out of the sky.

      • While that's probably true, such a leak would also mean that other (possibly hostile) nations can use it to develop their own competitive systems, and probably a few hundred other uses I can't think of. It's not just about the safety of an individual aircraft.

      • An enemy with access to the comms code may be able to jam the fuck out of it.

    • Comment removed based on user account deletion
    • by AmiMoJo ( 196126 )

      Looking at Russian and Chinese aircraft, it's pretty obvious that they have had access to some Boeing secrets for a while now. The opposite is true as well, US aircraft show occasional signs of having benefited from espionage.

      As do British and French ones for that matter - much was made of the Russians stealing data on Concorde, but actually it was working both ways and French attempts to get details of the Tupolev SST resulted in a fatal crash.

  • by JustAnotherOldGuy ( 4145623 ) on Wednesday August 07, 2019 @07:26PM (#59060472) Journal

    "Boeing maintains that other security barriers in the 787's network architecture would make that progression impossible."

    Oh shit, whenever you hear the word "impossible" when talking about exploits, bet on the exploit.

    • Not sure about current crafts, but up until at least 10 years ago, Boeing had separate buses for dealing with aircraft vs the cabin. Passenger has their own bus so as to avoid this very issue. Things like the entertainment/wifi is unable to be accessed by the pilots and flight attendants can not access the aircraft bus. This was to make it impossible for crackers to easily access the aircraft bus (though it might be possible if Flight Attendant/passenger goes into cargo-hold and splices into the net).

      wh
  • by n2hightech ( 1170183 ) on Wednesday August 07, 2019 @08:25PM (#59060728)
    Boeing - No using a single sensor to control plane attitude is fine. Nothing can go wrong. .... Oh maybe should not have done that my bad. Boeing - No need to secure that server for the control code. Nobody will snoop around there.... Oh security tester downloaded all our control code My bad. Boeing - Security tester found flaws in our control code. Those flaws cannot lead to hacking of critical plane controls... (some time in the future) Oh some hacker took over the airplane from the entertainment system My bad. When will these guys learn they need to get the best to review, secure and pin test their systems?
  • by epine ( 68316 ) on Wednesday August 07, 2019 @08:26PM (#59060738)

    IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we're disappointed in IOActive's irresponsible presentation.

    Nine times out of ten, this kind of access is not granted without some kind of pre-publication vetting contract or equivalent control over the investigator's short and curlies.

    While it's not optimal to have these things published without access to the larger context, it's often even less desirable to have a partially muzzled investigation pretending to be something else.

    Boeing has barely a leg to stand on right now, considering their lamentable disclosure in their relationship with the FCC throughout their 737 MAX design initiative. Good thing for their shareholder value that their attitude jets remain hard at it 24/7, diligently painting other parties as irresponsible.

  • What I do know of the security system is that each level has router which only accept white listed packet from component, on dedicated lines. So while it has been known for quite some time that the entertainment systems may be exploitable as well as some non relevant system, it can't be escalated which is the point. The Boing test was probably to check that white listing/dedicated line was refusing packet coming from the system as expected, even if you try to spoof ip or whatever. The network on an airplane
  • giant 737 and 787 passenger jets

    BS right there.

    If we were talking Boeing 747 or Airbus 380, fine. A 737, bread-and-butter is maybe not very small, but certainly no giant.

    I'm sorely tempted to take TFA with a not-so-little grain of salt.

  • That code was from Jeppesen. The code was done in Denver/Neu-Isenburg, but Boeing turned the admin of the network over to groups in both Poland and Russia.
    The question is, how did it get on an open server? Was the server misconfigured
    OR, was this code not supposed to be on this server, but was transferred there by somebody either through stupidity or with nefarious intentions?
    Sadly, any of this is possible.
  • MH370: A short article appeared awhile back on an official report issued on that missing Malaysia Airlines flight MH370; essentially suggesting no new information --- still a mystery?
    An article appeared later, last month in The Atlantic magazine, by so-called aviation expert, Richard Langewiesche, claiming there was nothing new or of value in the report. (In reading this article, it became obvious that Langewiesche has no knowledge of avionics, satellite technology or IT.)
    FALSE ASSUMPTION: Nothing o
  • If Boeing is so confident, they should enter a brand new 787 in PWN2OWN. If it gets hacked, the hackers keep the plane. If not, Boeing can say they were willing to bet a quarter of a billion dollars that the plane is not hackable. That would be a lot more convincing tha. "We couldn't hack it, so it's unhackable".

"I am, therefore I am." -- Akira

Working...