
Boeing 787 Dreamliner

Product
Developers: Boeing
Branches: Transport


2025: Defects in fastening elements

In mid-March 2025, it became known that hundreds of Boeing 787 aircraft use low-quality fasteners that threaten safety. In particular, in certain situations, such as an emergency landing, these components may cause the floor panels to detach.

The investigation is being conducted by Italian law enforcement agencies. In May 2020, police detained two men draining chemical waste into a sewer in the southern port city of Brindisi, near a small factory producing components for airliners. Five years later, this routine environmental pollution case escalated into a large-scale judicial investigation: it turned out that thousands of substandard parts produced in Italy were used in Boeing aircraft.

477 Boeing 787 aircraft fly with defective parts - the floor can fall off

At the center of the scandal was a small manufacturer of aircraft parts, Manufacturing Process Specification (MPS). The investigation found that instead of the strong titanium alloy needed to make the fasteners, the company used cheaper and less wear-resistant pure titanium. For four years, substandard parts were supplied to aerospace customers through the Italian group Leonardo, which makes two fuselage sections for the Boeing 787 at its Grottaglie plant.

The case file says that defective floor mounting elements were found in 477 Boeing 787 aircraft that are in operation. Italian prosecutors accuse the head of the MPS quality department, the owner of the company and three of his relatives of fraud and violation of flight safety rules. Two more workers are accused of soil and water pollution. Boeing and Leonardo are listed as the injured parties.[1]

2019

Researcher found Boeing 787 source code on the network

IOActive specialist Ruben Santamarta presented an extremely interesting talk at the Black Hat conference[2]. The researcher said that in September 2018 he accidentally found source code for the Boeing 787 Dreamliner on the network. It was subsequently confirmed that this work-in-progress code had been accidentally left on a public Boeing server owned by the R&D division[3].

Having studied the source code, the researcher found a number of vulnerabilities in it and concluded that, theoretically, these bugs could even make hijacking possible.

Santamarta explains that there are essentially three electronic networks on board the Boeing 787: the first runs various non-critical systems, such as the on-board entertainment system; the second, more isolated, hosts more important applications reserved for crew and maintenance; and the third, the most protected, is dedicated to avionics (the collection of all systems designed for use in aviation as airborne instruments).

On a publicly available Boeing server, the expert was able to find the sources related to the second network: the Crew Information System/Maintenance System (CIS/MS) firmware, as well as the Onboard Networking System (ONS) for the Boeing 787 and 737.

After analyzing the sources and examining documents found in open sources, Santamarta identified a number of problems in the code. For example, in his report the researcher describes using bugs in the on-board entertainment system in the first network to penetrate the second network and exploit vulnerabilities in CIS/MS there, eventually reaching the third network, where it would be possible to connect to the avionics, influence instrument readings and even hijack the aircraft.

In the code studied, IOActive employees were able to identify hundreds of references to unsafe function calls in custom parts of the VxWorks CIS kernel implementation. They also found problems related to integer overflows, buffer overflows, denial of service, out-of-bounds reads and writes, memory corruption, and so on.

At the same time, the expert emphasizes that he was unable to work with a real Boeing 787 "live": all tests were carried out on an uncertified platform, and Santamarta could not verify for certain that the vulnerabilities found could really be exploited and used to control the flight control systems.

Representatives of IOActive contacted engineers from Boeing and Honeywell (developer of CIS/MS), and they confirmed the presence of problems in the Boeing 787 code. At the same time, however, the developers reported that they had been unable to reproduce the attacks described by the researchers in practice or seize control of the avionics, which means that the aircraft systems cannot be considered vulnerable. In addition, Boeing assures that the company has already taken protective measures that further hinder exploitation of the bugs. IOActive could not confirm or deny this statement.
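The following is an added example, not code from the article, IOActive or Boeing: a small audit script showing how references to unsafe function calls of the kind mentioned above are typically surfaced in C source. The deny-list and the sample source are assumptions constructed for illustration; the page does not name the functions that were flagged.

```python
import re
from collections import Counter

# Assumed deny-list: classic unbounded C string routines. The page does not
# name the functions IOActive flagged, so this set is illustrative.
UNSAFE = {"strcpy", "strcat", "sprintf", "vsprintf", "gets"}

# Matches comments and string/char literals so they can be blanked out first.
_NOISE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')


def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))


def find_unsafe_calls(source, unsafe=UNSAFE):
    """Return (line, function) pairs, in file order, for deny-listed calls."""
    code = _NOISE.sub(_blank, source)
    hits = []
    for m in _CALL.finditer(code):
        if m.group(1) in unsafe:
            hits.append((code.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits


# Constructed sample input, not taken from any real firmware.
SAMPLE = r'''
#include <string.h>
/* legacy: strcpy(dst, src) was used here */
void set_name(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n - 1);      // bounded copy
    dst[n - 1] = '\0';
}
void log_msg(char *out, const char *user) {
    char tmp[32];
    strcpy(tmp, user);             // unbounded copy
    sprintf (out, "user=%s", tmp); // unbounded format
    puts("call gets() never");
    my_strcat(out, "!");
}
'''

if __name__ == "__main__":
    hits = find_unsafe_calls(SAMPLE)
    for line, name in hits:
        print(f"line {line}: {name}")
    print(Counter(name for _, name in hits))
```

A hit is only a lead for manual review: the script does not check whether the destination buffer is actually large enough, and it ignores calls hidden behind macros or function pointers.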

Boeing representatives told The Register that they were "disappointed with the irresponsible and misleading presentation of IOActive." According to company officials, IOActive researchers studied just one part of the Boeing 787 network, using "rudimentary tools" and without access to other systems or the actual working environment. The researchers, they said, chose to ignore these limitations and the confirmed results of tests conducted by Boeing's own specialists, and now make "provocative statements that they had access, and they analyzed the working system."

Notes