Boeing 787 jet entertainment system software vulnerable to hacking, engineer says
An engineer for a cyber-software company said he found serious security and safety flaws with the Boeing 787 jets.
The engineers said a code vulnerability in the jets software can be hacked through the plane's entertainment system.
Both Boeing and the FAA are disputing a report.
Chicago based Boeing released a statement that said:
IOActive's scenarios cannot affect any critical or essential airplane system and do not describe a way for remote attackers to access important 787 systems like the avionics system.
After working with IOActive to understand its research, Boeing and its partners tested their findings in integrated environments, both in labs and on an airplane. Our extensive testing confirmed that existing defenses in the broader 787 network prevent the scenarios claimed.
IOActive reviewed only one part of the 787 network using rudimentary tools, and had no access to the larger system or working environments. IOActive chose to ignore our verified results and limitations in its research, and instead made provocative statements as if they had access to and analyzed the working system. While we appreciate responsible engagement from independent cybersecurity researchers, we're disappointed in IOActive's irresponsible presentation.
The FAA also released a statement that said it's working with Boeing and the Department of Homeland Security, and is satisfied with its assessment of the issue:
The Federal Aviation Administration (FAA) is aware of recent claims alleging potential cybersecurity vulnerabilities of the Boeing 787. We have been working with the Department of Homeland Security and Boeing from the moment the research was disclosed and are satisfied with the assessment of the issue. For security and proprietary reasons, the FAA does not disclose details about certificate holders' cybersecurity protections.
The FAA and industry have been working together to protect aircraft from unauthorized intentional electronic interaction (UIEI) for more than 15 years, and it should be noted that no commercial accidents or incidents involving UIEIs have been reported. We have great confidence in the multiple levels of safety and security that go into the certification of U.S. commercial aircraft. The FAA continually works with the industry to strengthen the defense against cybersecurity threats.
WATCH: Boeing CEO speaks at annual shareholders meeting in Chicago
Earlier this year Boeing said they were close to fixing the software problem that likely contributed to two deadly crashes involving the 737 MAX aircraft.
'Clear similarities' in Boeing crashes in Ethiopia, Indonesia, preliminary data shows
Within the last year, there have been two plane crashes that involved Boeing's new MAX planes: Lion Air Flight 610, killing all 189 people on board, and Ethiopian Airlines Flight 302, killing all 157 people on board.
In July, the family of Antoine Lewis, a U.S. Army Captain from south suburban Matteson who was killed in the crash of Ethiopian Airlines Flight 302, announced they were filing a lawsuit against the Boeing Company.
Wife of Matteson man killed in Boeing MAX crash calls for removal of Boeing MAX planes
In March, President Donald Trump announced that the FAA was ordering the immediate grounding of all Boeing 737 MAX 8 and MAX 9 aircraft in the U.S. The decision came after days of mounting pressure from other countries that left the U.S. as one of the last to make the call following a deadly crash in Ethiopia.
RELATED:
Boeing didn't tell airlines that safety alert wasn't on
Boeing holds annual shareholders meeting in Chicago; more lawsuits filed in 737 MAX 8 crashes
Boeing plant under scrutiny after Times article claims weak oversight, shoddy production
FBI joins investigation into Boeing MAX planes following crashes
Cuba plane crash: Airliner with 110 aboard crashes, burns in field
