Sometime last year, Ruben Santamarta at IOActive discovered a server used by Boeing that was completely accessible. On that server was code that helped operations on Boeing's 737 and 787 jets. At Black Hat, the researcher stated that the code on the server was for a component of the 787 known as the Crew Information Service/Maintenance System (CIS/MS) and that it contained critical flaws. The researcher claims that these memory-corruption issues can allow attackers to pass malicious commands to other components on the plane that control systems like the engine, brakes, and sensors. The vulnerabilities can be found between the Open Data Network and the Common Data Network. These 787 jets also have communication channels that are used to send and receive information pertaining to arrival and departure. These channels can possibly be hacked, and false information about system functions can be given to the maintenance engineer.

Following these announcements at Black Hat, Boeing quickly refuted the claims and released a statement, a portion of which read: “IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system. After working with IOActive to understand its research, Boeing and its partners tested their findings in integrated environments, both in labs and on an airplane. Our extensive testing confirmed that existing defenses in the broader 787 network prevent the scenarios claimed.”

It will be interesting to see if any further information is released that will disprove either party’s theories.