Boeing’s war with security experts
Am Sure you can learn successful Blogging secrets through me, am also sure you can learn how to make money online with the help of my updates why not leave your email behind let me show you how.
According to new findings, hackers are at least theoretically likely to break into security-critical systems, but the company rejects such a possibility. Two Boeing fatalities have claimed 346 lives. Boeing continues to dispute whether companies are aircraft susceptible to hacking.
According to experts, the penetration of components of the Boeing 787 Dreamliner ship system is possible. They argue that hackers can at least theoretically break into critical security systems, but Boeing firmly rejects the possibility, though some questions remain open.
In September 2018, Spanish information security expert Ruben Santamarto, an employee of IOActive, opened a public server related to Boeing resources, Wired recalls. It contained a large number of code documents used in the Boeing 737 and Boeing 787 embedded systems. Of course, Santamarta downloaded everything it could.
A year later, Santamarte claimed to have discovered vulnerabilities in the code Boeing 787. It was a special component located “deep in a multi-component network of aircraft.” A series of bugs, or rather, a whole series of bugs, are in the CIS / MS, a system that is responsible for maintenance-related applications and also contains electronically all kinds of pilots manuals and instructions. including navigation documents.
Santamarta boasts that it has identified numerous vulnerabilities that can impair memory integrity. This way, the potential attacker can break through at least this system and strengthen it. The key question is whether a hacker can further penetrate the most important components responsible for engines, chassis, brakes, etc. Boeing, for its part, claims that embedded systems architecture is designed in such a way that such penetration is in principle impossible.
Due to lack of access to actual aircraft systems, Santamarta, by its own admission, is unable to confirm its hypothesis. However, he insists that even such errors – such as those he identified in the aircraft system – should not be tolerated. Boeing Tests For its part, Boeing said corporation representatives investigated the bugs found and concluded they did not pose a threat to critical systems (especially avionics). “IOActive explored only one part of the 787 network using rudimentary tools and did not have access to advanced systems or work environments.
In its study, IOActive chose to ignore our results and limitations that were approved by “third parties” and instead made provocative statements as having access to and ability to analyze work systems. Although we appreciate the responsible involvement of independent cybersecurity experts, we are disappointed with the irresponsibility of the presentation of IOActive, “Boeing said. In an interview with Wired, corporate officials said that during the verification of Santamart’s statements, Boeing’s cybersecurity experts placed the aircraft in flight and tried to exploit these vulnerabilities.
However, they failed to successfully launch the attack. The three Boeing 787 units are divided into three units: Open Data Network (ODN) – an open data network that manages, for example, the passenger entertainment system; Isolated Data Network (IDN) – Isolated data network that hosts CIS / MS and other important but not critical components; and finally the Shared Data Network (CDN), a shared data network that hosts avionics and security services.
While Ruben Santamarta suggests network-to-network capability, Boeing argues that this is not true: all three blocks are isolated from each other, and there is a hardware security device between IDN and CDN that allows data to be exchanged but prevents attempts to send commands to perform operations which could affect flight safety.
For his part, Honeywell, a developer of the vulnerable CIS / MS system, said that despite the problem, it poses no threat to flight safety – it is impossible to attack critical systems via this vulnerability. Impaired reputation Meanwhile, the reputation of the aircraft manufacturer has recently been shaken: after two fatal collisions that claimed 346 lives, the 737 Max liner shut down. The cause of the crash in both cases was obviously a problem in the embedded system code.
The U.S. Department of Transportation has requested a review of the certification process for aircraft such as the 737 Max. According to experts, the vulnerabilities discovered by Santamarta itself could pose a real threat to travelers and travelers alike. Obviously, aviation security cyber security research is still an acute problem.
Boeing’s war with security experts