The largest expert travel community:
  • 768,909 Total members
  • 8,897 Users online now
  • 1,721,470 Threads
  • 31,545,012 Posts

Leaked Dreamliner Code Reveals “Startling” Vulnerabilities

Leaked Dreamliner Code Reveals “Startling” Vulnerabilities
Jeff Edwards

Cybersecurity researcher, Ruben Santamarta, who is perhaps most famous for hacking the inflight entertainment system of a commercial jetliner, says that leaked code used in the Boeing Dreamliner reveals startling vulnerabilities in the plane’s computerized systems. Boeing, however, called the allegations “provocative” and “irresponsible.”

A cybersecurity researcher has offered a presentation on exploitable bugs he discovered in the code used in Boeing Dreamliner aircraft this week at the Black Hat cybersecurity conference in Las Vegas. Ruben Santamarta says he was surprised to find the code used in Boeing’s 737 and 787 aircraft readily available online, but he was even more shocked to find flaws in the software which could allow hackers to take control of some of the Dreamliner’s systems.

“We don’t have a 787 to test, so we can’t assess the impact,” Santamarta told Wired’s Andy Greenberg.  “We’re not saying it’s doomsday, or that we can take a plane down. But we can say: This shouldn’t happen.”

Boeing has mostly downplayed Santamarta’s research, insisting that the potentially exploitable aspects identified in the code do not include any flight critical systems. Peers who reviewed the white paper on potential flaws in the Boeing software say that the aviation giant’s defensiveness and the fact that Santamarta was able to easily access the code online, raise red flags even beyond the security concerns raised in the cybersecurity researcher’s report.

Santamarta’s firm, IOActive, claims to have found multiple serious and troubling flaws, in the Dreamliner’s computerized Crew Information Service/Maintenance System (CIS/MS). He admits that without access to the systems themselves, it would be impossible to say just how dangerous the exploitable bugs might be.

“IOActive’s scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system,” Boeing said in a statement refuting Santamarta’s findings. “IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we’re disappointed in IOActive’s irresponsible presentation.”

Santamarta first earned notoriety in 2015 after claiming that he successfully gained control of a Panasonic Avionics in-flight entertainment system by using onboard wifi. This claim was vehemently disputed by airline industry leaders.


[Featured Image: istock]

View Comments (4)


  1. edgewood49

    August 14, 2019 at 6:53 am

    Where’s the proof can he actually demonstrate that he has in fact code access? I wonder

  2. MitchR

    August 14, 2019 at 7:47 am

    Gaining control of the entertainment system is a far cry from hacking an actual avionic system.

  3. Sydneyberlin

    August 15, 2019 at 9:05 pm

    Given that Boeing has lost any public trust by now, we can ignore the corporate spin and purposefully book Airbus planes over Boeing. I’ve been doing this for many years for comfort alone but now I’d also advise this for security reasons as well. Boeing as a corporate entity appears more and more like rotten to the core.

  4. DrunkCargo

    August 16, 2019 at 10:09 am

    Gaining control of IFE could result in content being displayed that would cause disruption in cabin. Manipulating 300+ autonomous actors to panic could have a worse effect than manipulating some minor avionics system.

You must be logged in on the FORUM to post a comment Login

Leave a Reply


More in Aircraft

Qantas’ CEO Considers the 737 MAX

Taylor RainsFebruary 25, 2020

The MAX Was “Designed By Clowns Supervised by Monkeys”

FlyerTalkJanuary 10, 2020

Amazon Strikes A Sweet Deal With Sun Country Airlines

Taylor RainsDecember 19, 2019

Copyright © 2014 Top News Theme. Theme by MVP Themes, powered by Wordpress.


I want emails from FlyerTalk with travel information and promotions. I can unsubscribe any time using the unsubscribe link at the end of all emails