A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts


OldnGrounded
7th Aug 2019, 22:05
Maybe not earth-shattering, but probably worth reading and considering:

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts (https://www.wired.com/story/boeing-787-code-leak-security-flaws/)

Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it. So he downloaded everything he could see.

Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs could represent one step in a multi-stage attack that starts in the plane’s in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.
Andy Greenberg writes about security for WIRED. He is the author of the forthcoming book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.

Boeing flatly denies that such an attack is possible, and it rejects his claim of having discovered a potential path to pull it off. Santamarta himself admits that he doesn't have a full enough picture of the aircraft—or access to a $250 million jet—to confirm his claims. But he and other avionics cybersecurity researchers who have reviewed his findings argue that while a full-on cyberattack on a plane's most sensitive systems remains far from a material threat, the flaws uncovered in the 787's code nonetheless represent a troubling lack of attention to cybersecurity from Boeing. They also say that the company's responses have not been altogether reassuring, given the critical importance of keeping commercial airplanes safe from hackers.

More (https://www.wired.com/story/boeing-787-code-leak-security-flaws/)

Hotel Tango
7th Aug 2019, 22:17
Good timing to try and plug one's book whilst Boeing is in the limelight. Coincidence?!!

Longtimer
7th Aug 2019, 23:34
Good timing to try and plug one's book whilst Boeing is in the limelight. Coincidence?!!

But is it accurate?

PAXboy
8th Aug 2019, 00:08
Having taken the download - did he then tell Boeing so that they could secure it?

OldnGrounded
8th Aug 2019, 00:20
Having taken the download - did he then tell Boeing so that they could secure it?

It appears that he did, which would be standard practice for people in his corner of the hacking world. Boeing said there is no problem, so nothing to secure. Not everyone agrees.

I would suggest that a good place to start thinking about this, even before digging into details, is with this question: "What were the system architects thinking when they decided that it was OK to have an inflight entertainment system that is not physically separated from flight control systems?" Some air gaps are really very important.

OldnGrounded
8th Aug 2019, 00:26
Good timing to try and plug one's book whilst Boeing is in the limelight. Coincidence?!!

I don't think it much matters whether or not the timing is coincidental. At least, it shouldn't matter to the industry, the regulators and the flying public. The only real issue for all of us is whether and to what extent the information the hacker has published reveals potential cybersecurity vulnerabilities in the 787.

not jenny
8th Aug 2019, 01:19
I would suggest that a good place to start thinking about this, even before digging into details, is with this question: "What were the system architects thinking when they decided that it was OK to have an inflight entertainment system that is not physically separated from flight control systems?" Some air gaps are really very important.

I'm not in the aviation industry but I do know a moderate amount about netsec. Are you sure they're not physically separated? Not that it's something I've looked into in detail, but everything I've heard from people who are in a position to know about the actual network configuration in aircraft suggests that they are (obviously I don't know the details but that's my strong impression), and as you say it would be monumentally stupid to design the system any other way.

The only exploits for which I've seen credible evidence are things like GNSS spoofing, which, while it has the potential to be an enormous pain in the **** and under some circumstances could be a contributing factor in an accident, is by itself not going to be enough to 'hack' a plane in the media sense of hijacking it and flying it into terrain/populated areas. Besides that one weirdo who claimed to have made the plane he was on 'fly sideways' a few years ago, I haven't seen anyone who's not a tabloid journalist suggest that flight controls could be taken over via the IFE.

Just a spotter
8th Aug 2019, 06:25
This follows on from the 2016 demonstration of the vulnerabilities with the Boeing 757

From Avionics International:

A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

https://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/

JAS

DaveReidUK
8th Aug 2019, 08:36
https://cimg4.ibsrv.net/gimg/pprune.org-vbulletin/765x428/boeing_response_9b7f41e814789c46dc271ae4cc8419594f85dc4c.jpg

sooty655
8th Aug 2019, 08:55
https://cimg4.ibsrv.net/gimg/pprune.org-vbulletin/765x428/boeing_response_9b7f41e814789c46dc271ae4cc8419594f85dc4c.jpg

Surely only one footnote is necessary -

* - Verified by the designers of MCAS.

DaveReidUK
8th Aug 2019, 09:09
Conclusions

We hope that a determined, highly capable third party can safely confirm that these vulnerabilities are not exploitable due to the mitigation controls not visible to us during this analysis. We are confident owners and operators of these aircraft would welcome such independent validation and verification.

We believe as strongly in safety as we do in security. We provide these detailed findings herein so that all stakeholders, security industry and affected entities can form their own judgment as to the exploitability and impact of these confirmed software vulnerabilities.

Arm IDA and Cross Check: Reversing the 787’s Core Network (https://i.blackhat.com/USA-19/Wednesday/us-19-Santamarta-Arm-IDA-And-Cross-Check-Reversing-The-787-Core-Network.pdf)

a_q
8th Aug 2019, 15:41
"sprintf" is NOT an unexploitable function - it can (and has in the past) been used as an exploit for buffer overruns.

By contrast, "snprintf" (note the extra 'n') is MUCH safer, the 'n' being a buffer limit length set by the programmer.

Also it beggars belief that they allow "sprintf" in their coding standard, we use "snprintf" and similar exclusively, to cut down on the possibility of bugs and exploits, and it's usual practice these days for C programmers in industry.

OldnGrounded
8th Aug 2019, 20:53
"Compiler level-mitigations can work even if they are not added to the resulting binary."

Santamarta has a rather sharp sense of humor. And he doesn't seem fazed by Boeing's response.

As pointed out just above, sprintf is definitely exploitable. For some basic insight, Google "format string attacks."

RoelB
9th Aug 2019, 11:31
"sprintf" is NOT an unexploitable function - it can (and has in the past) been used as an exploit for buffer overruns.


True in general, if this is the sprintf() function out of stdlib with a standard compiler. But if used correctly, it should be easy to prove, for each invocation of the function, what the maximum length of the resulting string is and if the provided buffer is long enough under any condition. If both conditions hold the call would not be exploitable.

I do assume that Boeing's code standards require formal proof for each and every line of code. It would also be very possible that Boeing uses a compiler that performs extra memory management steps and explicitly forbids writing outside of allocated memory space for a specific pointer. That would also make it unexploitable but also break strict C language specifications.

But in the general case you're right, using snprintf is an easy way to prevent a buffer overflow if all those precautions had not been taken and/or an error was made in the proof or the implementation of those compiler level memory management precautions.
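
An added example, not part of the thread and not Boeing or IOActive code, illustrating the two points made in the posts above: a_q's bounded `snprintf` call (with the truncation check it needs) and RoelB's per-call length bound for `sprintf`. The function names, the `"%s:%d"` format and `NAME_MAX_LEN` are assumptions made for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 8   /* assumed cap on the name field (constructed) */

/* Unbounded form: nothing here knows how big dst is, so safety depends on
 * every caller proving strlen(name) + 1 + digits(id) + 1 <= its buffer. */
void label_sprintf(char *dst, const char *name, int id)
{
    sprintf(dst, "%s:%d", name, id);
}

/* Bounded form: at most cap bytes are written, NUL included. snprintf
 * returns the length the full output needs, so n >= cap means truncation,
 * which is reported as an error instead of passing on a cut-off string. */
int label_snprintf(char *dst, size_t cap, const char *name, int id)
{
    int n;

    if (dst == NULL || cap == 0)
        return -1;
    n = snprintf(dst, cap, "%s:%d", name, id);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';               /* fail closed */
        return -1;
    }
    return 0;
}

/* Per-call bound: once %s carries a precision and %d takes its longest
 * value (INT_MIN), the output length has a fixed maximum. A NULL
 * destination with size 0 makes snprintf measure without writing. */
int label_worst_case(void)
{
    return snprintf(NULL, 0, "%.*s:%d", NAME_MAX_LEN,
                    "xxxxxxxxxxxxxxxx", INT_MIN);
}

int main(void)
{
    char buf[8];
    int fit = label_snprintf(buf, sizeof buf, "abcd", 12);
    printf("fits: %d \"%s\"\n", fit, buf);
    printf("too long: %d\n", label_snprintf(buf, sizeof buf, "abcde", 12));
    printf("worst case: %d chars + NUL\n", label_worst_case());
    return 0;
}
```

The second call is one character too long for the 8-byte buffer, which is the off-by-one case a hand-written length proof most often gets wrong.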

Sunamer
9th Aug 2019, 21:14
"sprintf" is NOT an unexploitable function - it can (and has in the past) been used as an exploit for buffer overruns.

By contrast, "snprintf" (note the extra 'n') is MUCH safer, the 'n' being a buffer limit length set by the programmer.

Also it beggars belief that they allow "sprintf" in their coding standard, we use "snprintf" and similar exclusively, to cut down on the possibility of bugs and exploits, and it's usual practice these days for C programmers in industry.

You might be right, if they take care of the technical debt and have some kind of static analysis going that picks up unsafe practices.

PerPurumTonantes
10th Aug 2019, 07:39
Comment on theregister website:
"Wouldn't it be best to let IOActive onboard a 787 and tell them, "Have at it!"? If the plane is truly unhackable, as Boeing claims, then IOActive will not be able to do any harm, and Boeing will then be able to loudly and publicly proclaim that their own internal experts and an unpaid but motivated group of third-party pen testers were unable to find any exploits. Might even bump up Boeing's reputation, not to mention share price. Seems like a win-win to me.

They're not willing to do that? I wonder why. "