Before we dive into this, no one is saying that this could take down a plane. However, a growing number of people in the world of cyber security, including researchers, hackers and professors, feel that this is an issue Boeing needs to take more seriously. Today, that could become even more apparent, as Ruben Santamarta, the cyber security expert who uncovered the flaws, leads a presentation on his findings at the Black Hat convention in Las Vegas.
Santamarta says it all began quite simply: with a Google search. According to a fantastic piece in Wired by Andy Greenberg, the noted cyber security expert was searching online for vulnerable tech documents which could be exploited. Apparently, just a few minutes of creative searching allowed Mr. Santamarta to find a completely unprotected Boeing server with a treasure trove of code which would run on Boeing 787 and 737 aircraft.
Today at the Black Hat Conference in Las Vegas, Santamarta will lay out his research, which he believes illustrates security flaws in at least one of the Boeing 787 Dreamliner’s essential components, specifically its Crew Information Service/Maintenance System, which includes maps and information for the cockpit. By Mr. Santamarta’s account, this would allow the first stage in what would need to be a multi-stage attack to potentially compromise something more crucial. Boeing disagrees in no uncertain terms, stating…
“IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system.”
Unfortunately for Boeing, they seem to be alone in this analysis and, like many major corporations with outsized hubris, have chosen, despite tragic recent events, to simply discredit Mr. Santamarta rather than engage, adding their disappointment at the “irresponsible presentation”.
In layman’s terms, Mr. Santamarta isn’t saying he could make a plane turn left, right, up or down solely with the flaws he’s found thus far. He’s simply stating that hackers always look for a way in, and once they’ve found it, they typically will find another yet-to-be-exposed flaw which allows them a backdoor into other systems, in theory including ones which could cause problems.
Boeing notes that other security features of the aircraft’s systems wouldn’t allow this, but Wired’s reporting brings some damning quotes from other top experts in the field, including one from Stefan Savage, a noted professor at the University of California San Diego, who leads a new avionics cyber security research lab aimed at securing airplane systems. Mr. Savage offered the following to Wired…
“The claim that one shouldn’t worry about a vulnerability because other protections prevent it from being exploited has a very bad history in computer security. Typically, where there’s smoke there’s fire. Every piece of software has bugs. But this is not where I’d like to find the bugs. Checking user parameters is security 101.
They shouldn’t have these kinds of straightforward vulnerabilities, especially in the kernel. In this day and age, it would be inconceivable for a consumer operating system to not check user pointer parameters, so I’d expect the same of an airplane.”
With due respect to Boeing, simply dismissing these claims after repeated presentations and opinions from those in the relevant field seems nonsensical. Boeing has yet to give Mr. Santamarta or his team at IOActive access to run live tests with a real aircraft, which seems to me like a great starting point. At the very least, it could quell some fears, and at the very best, it could lead to some crucial software updates.
I’m not sure if Mr. Santamarta’s presentation from the Black Hat Conference in Las Vegas is streaming today, but if it is, I’ll absolutely be grabbing the popcorn. Watch this space.