Incident: Potential Cybersecurity Flaws in Boeing 787 Dreamliner Software

Published Date: 2019-08-07

Postmortem Analysis
Timeline:
1. The software failure incident involving security flaws in Boeing's 787 Dreamliner's components, as reported by security researcher Ruben Santamarta, happened nearly a year before the article was published on August 7, 2019 [88023]. Therefore, the incident likely occurred in September 2018.

System:
1. Boeing 787 Dreamliner's Crew Information Service/Maintenance System (CIS/MS) [88023]

Responsible Organization:
1. Security researcher Ruben Santamarta discovered security flaws in Boeing's 787 Dreamliner's components due to leaked code on an unprotected server [88023].
2. Boeing was responsible for the software failure incident as they had vulnerabilities in the code for a component of the 787 known as a Crew Information Service/Maintenance System [88023].

Impacted Organization:
1. Boeing [88023]

Software Causes:
1. The software failure incident was caused by serious security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS) [88023].

Non-software Causes:
1. Lack of attention to cybersecurity from Boeing in the design and implementation of the 787 Dreamliner's components [88023]
2. Disagreements and conflicts between security researchers like Ruben Santamarta and the aerospace industry over cybersecurity measures [88023]

Impacts:
1. The software failure incident involving security flaws in the 787 Dreamliner's components, specifically in the Crew Information Service/Maintenance System, raised concerns about potential vulnerabilities that could allow hackers to exploit the in-flight entertainment system and potentially access safety-critical systems like flight controls and sensors [88023].
2. The incident highlighted a troubling lack of attention to cybersecurity from Boeing, as serious security flaws were uncovered in the code for a critical component of the 787 aircraft [88023].
3. Despite Boeing's denials and assurances that the vulnerabilities identified by the researcher did not pose a real threat of a cyberattack, the incident underscored the importance of robust cybersecurity measures in commercial airplanes to prevent potential exploitation by hackers [88023].

Preventions:
1. Proper access control and security measures on Boeing's network to prevent unauthorized access to sensitive code and data [88023].
2. Thorough security testing and code review processes to identify and address vulnerabilities in the code for components like the Crew Information Service/Maintenance System on the 787 Dreamliner [88023].
3. Implementation of robust cybersecurity measures and protections in the aircraft's digital systems to prevent potential exploitation of vulnerabilities, especially in critical systems like flight controls and sensors [88023].
4. Regular software updates and patches to address known bugs and vulnerabilities, such as the parameter-check privilege escalation vulnerability in the VxWorks operating system customized for Boeing by Honeywell [88023].

Fixes:
1. Implement additional security measures in the affected component of the 787 Dreamliner, such as patching the memory corruption vulnerabilities in the Crew Information Service/Maintenance System (CIS/MS) [88023].
2. Conduct thorough testing and validation of the software code for the CIS/MS to identify and address any other potential security flaws [88023].
3. Enhance the cybersecurity protocols and practices within Boeing to ensure a higher level of attention to cybersecurity in the development and maintenance of critical systems for commercial airplanes [88023].

References:
1. Security researcher Ruben Santamarta
2. Boeing
3. Andy Greenberg, writer for WIRED
4. Honeywell
5. Stefan Savage, computer science professor at the University of California at San Diego
6. Karl Koscher, avionics cybersecurity researcher at the University of Washington
7. The Aviation Industry Sharing and Analysis Center
8. Federal Aviation Administration
9. Department of Homeland Security

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to Boeing's 787 Dreamliner and the security flaws in its code represents a troubling lack of attention to cybersecurity from Boeing. Security researcher Ruben Santamarta discovered serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. Boeing denies the possibility of a cyberattack and claims that their airplanes are safe from such threats. However, Santamarta's findings highlight significant vulnerabilities in the aircraft's systems, indicating a potential risk to the safety and security of the planes [88023]. (b) The software failure incident involving security flaws in the code for Boeing's 787 Dreamliner is not an isolated case. The incident raises concerns about the cybersecurity measures in the aviation industry as a whole. Santamarta, the security researcher who discovered the flaws, has a history of uncovering vulnerabilities in aerospace systems, including hacking a Panasonic Avionics in-flight entertainment system and presenting vulnerabilities in satellite communication systems at a previous Black Hat conference [88023]. This broader context suggests that cybersecurity issues are not unique to Boeing but may be prevalent across various organizations within the aviation sector.
Phase (Design/Operation) design (a) The software failure incident related to the design phase is evident in the article. Security researcher Ruben Santamarta discovered security flaws in the code for a component of the Boeing 787 known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. These flaws were found to be in the design of the system, indicating a lack of attention to cybersecurity from Boeing during the development phase. Santamarta identified memory corruption vulnerabilities in the CIS/MS, which could potentially allow a hacker to exploit the flaws and gain access to sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors. This highlights a failure in the design phase of the software system. (b) The software failure incident related to the operation phase is also mentioned in the article. Boeing and Honeywell, the supplier of the code for the CIS/MS, conducted extensive testing to determine that there was no threat to flight safety as the critical systems of the 787 could not be affected [88023]. This indicates that the failure was not due to the operation or misuse of the system but rather stemmed from potential vulnerabilities in the design of the software system itself.
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident reported in the articles is related to security flaws found in the code for a component of the Boeing 787 known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. The vulnerabilities discovered by security researcher Ruben Santamarta were within the system's code, specifically in the CIS/MS responsible for applications like maintenance systems and the electronic flight bag used by pilots. These vulnerabilities could potentially allow a hacker to exploit the flaws as a foothold inside a restricted part of the plane's network and pivot to send commands to more sensitive components controlling safety-critical systems [88023]. Boeing and Honeywell, the supplier of the code, have denied that these vulnerabilities pose a real threat to flight safety, emphasizing the security measures in place within the system to prevent exploitation [88023]. (b) outside_system: The software failure incident also involves external factors such as the actions of the security researcher, Ruben Santamarta, who discovered the security flaws by accessing a fully unprotected server on Boeing's network [88023]. Santamarta's external access to the server allowed him to download code related to Boeing's 737 and 787 passenger jets, leading to the discovery of the vulnerabilities within the system's code. Additionally, the incident involves the external scrutiny and response from aviation cybersecurity researchers, industry experts, Boeing, Honeywell, the Federal Aviation Administration, and the Department of Homeland Security, all of whom assessed the potential impact of the vulnerabilities on the aircraft's safety [88023].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in the article is related to non-human actions, specifically due to security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS). Security researcher Ruben Santamarta discovered multiple serious security flaws in the code, including memory corruption vulnerabilities, which could potentially allow a hacker to exploit the flaws as a foothold inside a restricted part of the plane's network. This could lead to sending commands to sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors [88023]. (b) The software failure incident in the article is also related to human actions. Boeing, the company responsible for the software in question, denies the possibility of a cyberattack exploiting the security flaws discovered by Santamarta. Boeing conducted its own investigation and testing to refute the claims made by Santamarta. Additionally, there are disagreements between Santamarta and the aerospace industry regarding cybersecurity measures, indicating a human element in the response to the software failure incident [88023].
Dimension (Hardware/Software) hardware, software
(a) The software failure incident occurring due to hardware:
- The article discusses a security researcher, Ruben Santamarta, who discovered security flaws in the 787 Dreamliner's components, specifically in a component known as a Crew Information Service/Maintenance System (CIS/MS) [88023].
- Santamarta found vulnerabilities in the CIS/MS, which is responsible for applications like maintenance systems and the electronic flight bag used by pilots [88023].
- The vulnerabilities in the CIS/MS could potentially allow a hacker to pivot from the in-flight entertainment system to the CIS/MS and send commands to more sensitive components that control the plane's safety-critical systems [88023].
- Boeing countered Santamarta's claims by stating that they have additional protection mechanisms in the CIS/MS and another hardware device between the semi-sensitive Isolated Data Network (IDN) and the highly sensitive Common Data Network (CDN) to prevent exploitation of the vulnerabilities [88023].
(b) The software failure incident occurring due to software:
- The vulnerabilities found by Santamarta in the CIS/MS were related to memory corruption vulnerabilities in the code for that component [88023].
- Santamarta also highlighted a vulnerability in a version of the embedded operating system VxWorks, customized for Boeing by Honeywell, which didn't properly check user parameters when writing to the underlying computer's memory [88023].
- The article mentions that the flaws found in the software, including the VxWorks vulnerability, were considered serious enough to not be dismissed, according to computer science professor Stefan Savage [88023].
- Santamarta's research revealed software flaws that raised concerns about the cybersecurity measures in place for critical systems on the Boeing 787 Dreamliner [88023].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident reported in the articles is related to a malicious objective. Security researcher Ruben Santamarta discovered security flaws in the code for a component of the Boeing 787 known as a Crew Information Service/Maintenance System (CIS/MS) that could potentially be exploited by hackers to access safety-critical systems of the plane, such as flight controls and sensors. Santamarta suggests that exploiting these bugs could lead to a multi-stage attack starting from the in-flight entertainment system [88023]. (b) The incident does not involve a non-malicious objective.
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions The intent of the software failure incident can be categorized as both poor_decisions and accidental_decisions based on the information provided in the articles. 1. Poor_decisions: The incident involving the security flaws in Boeing's 787 Dreamliner's components, particularly in the Crew Information Service/Maintenance System (CIS/MS), can be attributed to poor decisions related to cybersecurity practices. Security researcher Ruben Santamarta discovered serious security flaws in the code for the CIS/MS, indicating a lack of attention to cybersecurity from Boeing [88023]. Despite Santamarta's findings, Boeing denied the possibility of a cyberattack and dismissed the claims as not representing a real threat. This response could be seen as a poor decision in addressing the identified vulnerabilities [88023]. 2. Accidental_decisions: On the other hand, the incident can also be linked to accidental decisions or unintended consequences. The vulnerabilities found in the CIS/MS, including memory corruption vulnerabilities, could have been unintentional mistakes in the software development process that led to potential security risks [88023]. Additionally, the flaws highlighted by Santamarta, such as the parameter-check privilege escalation vulnerability in the VxWorks operating system customized for Boeing by Honeywell, may have been accidental oversights in the software design and implementation [88023]. Therefore, the software failure incident involving the security flaws in Boeing's 787 Dreamliner's components appears to involve a combination of poor decisions in cybersecurity practices and accidental decisions or unintended consequences in software development.
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident reported in the articles can be attributed to development incompetence. Security researcher Ruben Santamarta discovered serious security flaws in the code for a component of the Boeing 787 known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. These flaws included memory corruption vulnerabilities that could potentially allow a hacker to pivot from the in-flight entertainment system to the CIS/MS and then send commands to sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors. Despite Santamarta's findings, Boeing denied the possibility of a cyberattack and claimed that their security measures would prevent such exploitation [88023]. (b) The software failure incident can also be considered accidental as the vulnerabilities found in the CIS/MS code were not intentionally introduced but were due to flaws in the software development process. Santamarta highlighted a vulnerability in the embedded operating system VxWorks, customized for Boeing by Honeywell, which did not properly check for overwriting the kernel when writing to the computer's memory [88023]. This parameter-check privilege escalation vulnerability was deemed a serious flaw by experts, indicating a lack of attention to security best practices during the software development process.
Duration temporary The software failure incident reported in the articles is temporary rather than permanent. The incident involves security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. Security researcher Ruben Santamarta discovered serious security vulnerabilities in the CIS/MS, which could potentially allow a hacker to pivot from the in-flight entertainment system to send commands to more sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors. Boeing denies that such an attack is possible and states that their security barriers would prevent the exploitation of these vulnerabilities [88023]. Additionally, Boeing conducted tests on an actual Boeing 787 in "flight mode" to attempt to exploit the vulnerabilities identified by Santamarta, but they were unable to carry out a successful attack. Honeywell, the supplier of the code for the CIS/MS, also stated that after extensive testing, they determined there is no threat to flight safety as the 787's critical systems cannot be affected [88023]. These responses indicate that the software failure incident is temporary in nature, as the vulnerabilities identified have not led to a permanent failure of the system.
Behaviour other (a) crash: The software failure incident reported in the article does not involve a crash where the system loses state and does not perform any of its intended functions. Instead, it focuses on potential security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS) [88023]. (b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s). It primarily revolves around security vulnerabilities found in the CIS/MS, which could potentially allow a hacker to pivot from the in-flight entertainment system to more sensitive components controlling the plane's safety-critical systems [88023]. (c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early. It is more focused on the security implications of potential vulnerabilities in the 787 Dreamliner's code [88023]. (d) value: The incident does not involve a failure due to the system performing its intended functions incorrectly. It is centered around the discovery of memory corruption vulnerabilities in the CIS/MS, which could be exploited by a hacker to access sensitive components of the aircraft's network [88023]. (e) byzantine: The software failure incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. It primarily highlights concerns about cybersecurity vulnerabilities in the 787 Dreamliner's code and the potential implications for the safety of the aircraft [88023]. (f) other: The behavior of the software failure incident can be categorized as a security vulnerability disclosure. The incident involves a security researcher discovering flaws in the code for a component of the 787 Dreamliner, highlighting potential risks of exploitation by hackers to access critical systems of the aircraft [88023].

IoT System Layer

Layer Option Rationale
Perception embedded_software [a] The software failure incident reported in the articles is related to the embedded software layer of the cyber physical system. Security researcher Ruben Santamarta discovered serious security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS). He found memory corruption vulnerabilities in the CIS/MS, which could potentially allow a hacker to pivot from the in-flight entertainment system to the CIS/MS and send commands to sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors [88023]. [b] The failure was not specifically related to an actuator error, but rather to vulnerabilities in the embedded software layer of the system, particularly in the code for the CIS/MS component of the 787 Dreamliner [88023]. [c] The software failure incident was not directly attributed to a processing unit error, but rather to vulnerabilities in the embedded software layer of the system, specifically in the code for the CIS/MS component of the 787 Dreamliner [88023]. [d] The failure was not primarily due to network communication errors, but rather to vulnerabilities in the embedded software layer of the system, particularly in the code for the CIS/MS component of the 787 Dreamliner [88023]. [e] The software failure incident was directly related to embedded software errors. Security researcher Ruben Santamarta discovered serious security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS). He identified memory corruption vulnerabilities in the CIS/MS, which could potentially allow a hacker to exploit the flaws and gain access to sensitive components controlling the plane's safety-critical systems [88023].
Communication connectivity_level The software failure incident reported in the articles is related to the connectivity level of the cyber physical system. The failure was due to contributing factors introduced by the network or transport layer. The security researcher Ruben Santamarta discovered serious security flaws in the code for a component of the 787 Dreamliner known as a Crew Information Service/Maintenance System (CIS/MS). These vulnerabilities could potentially allow a hacker to pivot from the in-flight entertainment system to the CIS/MS and send commands to more sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors [88023]. Boeing, the company involved, denied that these vulnerabilities could lead to a cyberattack on critical airplane systems and stated that their security measures prevent such exploitation [88023].
Application TRUE The software failure incident reported in the articles is related to the application layer of the cyber physical system. Security researcher Ruben Santamarta discovered security flaws in the code for a component of the Boeing 787 known as a Crew Information Service/Maintenance System (CIS/MS). He found memory corruption vulnerabilities in the CIS/MS, which could potentially allow a hacker to exploit these flaws to gain access to sensitive components controlling the plane's safety-critical systems like the engine, brakes, and sensors [88023]. The vulnerabilities found by Santamarta, including a parameter-check privilege escalation vulnerability in the embedded operating system VxWorks, were considered serious flaws at the application layer of the cyber physical system [88023].

Other Details

Category Option Rationale
Consequence death, harm, theoretical_consequence (a) death: People lost their lives due to the software failure - The article mentions the ongoing scandal over Boeing's grounded 737 Max aircraft, where faulty controls contributed to two crashes that killed 346 people [88023]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the potential consequences of a cyberattack on a plane's safety-critical systems, such as the engine, brakes, and sensors, due to security flaws in the 787 Dreamliner's code. However, Boeing denies that such an attack is possible and states that the vulnerabilities found do not represent a real threat of a cyberattack [88023].
Domain transportation (a) The failed system in the incident was related to the aviation industry, specifically affecting Boeing's 737 and 787 passenger jets [88023]. (j) The incident also highlighted the importance of cybersecurity in the aviation industry to keep commercial airplanes safe from hackers [88023].
