On Wednesday at a hacker conference in Las Vegas, Ruben Santamarta, chief security consultant at IOActive, a computer security company, announced that he had discovered vulnerabilities in the software of Boeing airliners. He stated that these vulnerabilities could be used to hijack a plane.

According to The Register, the Boeing 787 airliner is equipped with three networks. The first is used to operate the entertainment system during the flight. The second is necessary for the more important applications needed by the crew and maintenance personnel. The third network is vital for the operation of the on-board devices that control the flight of the aircraft. Santamarta believes that it is possible to exploit vulnerabilities in the entertainment system on the first network in order to gain access to the neighboring second network and then penetrate the third network. Once there, an attacker could connect to avionics equipment and, in theory, hijack a Boeing 787.

However, Boeing insists that the software on the second network cannot be exploited in the way IOActive describes, and that an attacker cannot affect the avionics of the aircraft from the other networks because of hardware filters.

During his speech at the conference, Santamarta admitted that he had had no chance to prove in practice that the vulnerabilities he found can be exploited, primarily because no one let him take the controls of a real passenger plane. “We confirmed the existence of vulnerabilities, but did not demonstrate how they can be exploited,” he said. “We have very little information, so it is impossible to say whether the liners are really protected as Boeing claims. We offer them our help.”

Santamarta came across the Boeing software in September, when the server on which the programs were stored was accessed by accident. Santamarta set about studying the materials and in the end, he said, discovered many errors that could be used for arbitrary code execution in the crew information application.
Boeing engineers said in a comment to The Register that the software bugs had been fixed, and that even if they were present, it would be impossible to reach the avionics network from another network anyway. “IOActive's scenarios cannot affect any critical aircraft system. Attackers cannot gain access to important 787 systems in the way they describe,” commented a representative of the airliner manufacturer.