Boeing 787 Dreamliner

2019

The researcher found the source code Boeing 787 in network

The specialist of IOActive company Ruben Santamarta submitted extremely interesting report^[1] at the Black Hat conference^[2]. The researcher told that in September, 2018 he accidentally managed to detect the source codes Boeing 787 Dreamliner in network. Afterwards it was confirmed that these work-in-progress codes were accidentally left on the public Boeing server belonging to RnD-division^[3].

Having studied source codes, the researcher found in them a number of vulnerabilities and came to a conclusion that thanks to these bugs even skyjack is, theoretically, possible.

Santamarta explains that onboard Boeing 787, in fact, there are three electronic networks: the first in which the different noncritical systems, such as onboard entertaining system work; the second, more isolated where more important applications are based, reserved for crew and maintenance; and the third, the most protected, taken away for work of avionics (set of all systems developed for use in aircraft as onboard devices).

On the public Boeing server the expert managed to detect the source codes relating to the second network: firmwares of Crew Information System/Maintenance System (CIS/MS) and also Onboard Networking System (ONS) for Boeing 787 and 737.

Having carried out the analysis of source codes and also having studied the documents found in open sources, Santamart was identified in the code by a number of problems. For example, in the report the researcher suggests to use bugs in an onboard entertaining system in the first network to get into the second network and there to operate vulnerabilities in CIS/MS, as a result having got to the third network where it will be possible will be connected to avionics, to influence indications of devices and even to hijack the aircraft.

In the studied code the staff of IOActive managed to reveal hundreds of links to unsafe calls of functions in custom parts of implementation of a core of VxWorks CIS. Also the problems connected with integer perepolneniye, buffer overflow, failure in service, out-of-bound a read and write, violation of integrity of information in memory and so on were detected.

At the same time the expert emphasizes that he did not manage to work with this Boeing 787 "alive", i.e. all tests were carried out on not certified platform, and Santamarta could not be convinced for certain that he really could operate the found vulnerabilities and with their help to control management systems for flight.

Representatives of IOActive contacted engineers of Boeing and Honeywell companies (CIS/MS developer), and those confirmed existence of problems in the Boeing 787 code. However together with it developers reported that they did not manage to reproduce the attacks described to researchers in practice and to take control over avionics, so, the systems of aircrafts cannot be considered vulnerable. Besides, assure of Boeing that the company already took protective measures which in addition prevent operation of bugs. Could not confirm or refute this statement in IOActive.

Representatives of Boeing told the The Register edition that they "are disappointed with the irresponsible and misleading IOActive presentation". According to representatives of the company, researchers of IOActive studied only one part of Boeing 787 network, using for this purpose "rudimentary tools", not having access to others systems and the actual working environment. But researchers decided to ignore these restrictions and the confirmed results of tests which are carried out by specialists Boeing and now make "provocative statements as if they had an access, and they analyzed the working system".

Notes