SoylentNews is people

posted by Fnord666 on Friday August 09 2019, @04:09AM
from the fly-the-unfriendly-skies dept.

At the hacking conference in Las Vegas on Wednesday, Ruben Santamarta, principal security consultant at pen-testing biz IOActive, told attendees he had found bugs in software used aboard the jetliners.

It is important to note that there are essentially three electronic networks on a 787: the first is home to non-critical stuff like the in-flight entertainment system; the second is used by slightly more important applications reserved for crew and maintenance teams; and the third is used by the vital avionics gear that controls the airplane's flight and reads its sensors.

The software Santamarta probed – a crew information service – lives on the second network. He suggested it may be possible to exploit holes in, say, the in-flight entertainment system on the first network to access the adjoining second network where one could abuse the flaws he found in the crew information software to then reach into the adjoining third network. Once there, one could tap into the avionics equipment to hijack the 787, in theory.

Boeing, however, insists the software on the second network cannot be exploited as IOActive described, nor can a miscreant direct the avionics from other networks, due to restrictions in place, such as hardware filters that only allow data to flow between networks rather than instructions or commands. El Reg quietly hopes the avionics can't be taken over by malformed data that triggers vulnerabilities within the flight control systems on the third network.

During his talk, Santamarta acknowledged he had no way of proving he could actually commandeer the flight control systems via the holes he found in the crew-facing software. For one thing, he couldn’t persuade Boeing to let him loose on a real passenger jet.

“We have confirmed the vulnerabilities, but not that they are exploitable, so we are presenting why we think they are,” he said. “We have got very limited data, so it’s impossible to say if the mitigation factors Boeing say they have work. We offer them our assistance.”


  • (Score: 2) by darkfeline (1030) on Friday August 09 2019, @11:44PM (#878066)

    >hardware filters that only allow data to flow between networks rather than instructions or commands

    Data IS code. Here's some plaintext data, guess what happens if you feed it to sh:

    for i in /dev/*; do cat /dev/urandom > $i; done

    Seriously though, if you think it's safe to feed untrusted data to any arbitrary process, I want off your plane.

    --
    Join the SDF Public Access UNIX System today!