Boeing could be at the centre of another security breach after reports detail how a security flaw could allow a hacker access to the plane’s network.
Rueben Santamarta, a security researcher, was searching the web late last year, looking for technical documents relating to the cybersecurity of airplanes. Much to his surprise, he stumbled across an unprotected server within Boeings network, revealing code designed to run on the 737 and 787 passenger Boeing passenger jets.
A year down the line and Mr Santamarta claims that the leaked code has led him to a security flaw in a component of the 787’s model, suggesting that hackers could exploit these bugs and take control of the in-flight entertainment systems and safety-critical components such as flight controls and sensors.
Boeing has outright denied the claims that an attack is possible and advised that they have tested the findings, in a lab and airplane, finding that “existing defences in the broader 787 network, prevent the scenarios claimed”. Boeing advised they went to the lengths of putting a 787 jet into flight mode for testing, with their security engineers attempting to exploit the vulnerabilities highlighted by Mr Santamarta.
Mr Santamarta himself also admitted that he doesn’t have access to a 787 jet or alternatively further visibility into Boeings network and therefore cannot confirm his claims. Although unverified, his findings highlight a flaw in the Boeing security system, with sensitive information being openly available to the public.
A Federal Aviation Administration (FAA) spokesperson advised they had been working with Boeing and the Department of Homeland Security to assess the claims and the agency is “satisfied with the assessment of the issue.”
These new claims of a security flaw come at a time where Boeing is already under investigation, after their newest 737 model was grounded. The 737 Max is under scrutiny after faulty controls contributed to two fatal crashes.
