Software Vulnerabilities in the Boeing 787
IOActive has documented our detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.
IOActive’s attack claims—as well as Honeywell’s and Boeing’s denials—are based on the specific architecture of the 787’s internals. The Dream liner’s digital systems are divided into three networks: an Open Data Network, where non-sensitive components like the in-flight entertainment system live; an Isolated Data Network, which includes somewhat more sensitive components like the CIS/MS that IOActive targeted; and finally the Common Data Network, the most sensitive of the three, which connects to the plane’s avionics and safety systems. Santamarta claims that the vulnerabilities he found in the CIS/MS, sandwiched between the ODN and CDN, provide a bridge from one to the other.
But Boeing counters that it has both “additional protection mechanisms” in the CIS/MS that would prevent its bugs from being exploited from the ODN, and another hardware device between the semi-sensitive IDN—where the CIS/MS is located—and the highly sensitive CDN. That second barrier, the company argues, allows only data to pass from one part of the network to the other, rather than the executable commands that would be necessary to affect the plane’s critical systems.
[…]
But even granting Boeing’s claims about its security barriers, the flaws Santamarta found are egregious enough that they shouldn’t be dismissed, says Stefan Savage, a computer science professor at the University of California at San Diego, who is currently working with other academic researchers on an avionics cybersecurity testing platform. “The claim that one shouldn’t worry about a vulnerability because other protections prevent it from being exploited has a very bad history in computer security,” Savage says. “Typically, where there’s smoke there’s fire.”
Via Bruce Schneier:
This being Black Hat and Las Vegas, I’ll say it this way: I would bet money that Boeing is wrong. I don’t have an opinion about whether or not it’s lying.
Previously:
