Report: Boeing 787 Code Left Unprotected on Public Server

Virgin Australia delays Boeing 737 MAX order

A new report by Wired Magazine revealed that Boeing accidentally left important code for its 737 and 787 aircraft on a publicly accessible server.

Cybersecurity expert Ruben Santamarta of Madrid claims that he was able to access code designed to run the 737 and 787 Boeing airliners. According to a report by Wired Magazine, Santamarta found important code for Boeing’s aircraft on an unprotected server on the company’s network, available to anyone and not requiring special access to read.

Santamarta claims that the code reveals a security flaw in the 787 Dreamliner line. According to Santamarta, this security flaw could potentially allow a hacker to access the flight control system.

Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner’s components, deep in the plane’s multi-tiered network. He suggests that for a hacker, exploiting those bugs could represent one step in a multi­stage attack that starts in the plane’s in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.

Boeing claimed in a statement that Santamarta and his company IOActive are wrong in the claim that the code presents a vulnerability to their aircraft’s security. Boeing even went as far to call Santamarta’s findings an “irresponsible presentation.”

“IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system,” Boeing said in a brief statement. “IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we’re disappointed in IOActive’s irresponsible presentation.”

Boeing claims that they tested Santamarta’s claims on an actual Boeing 787. According to their private investigation, the code uncovered by Santamarta cannot be used to undermine the security of their aircraft.

Stay tuned to Breitbart News for more updates on this story.


Please let us know if you're having issues with commenting.