Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

Conference:  BlackHat USA 2019



The presentation discusses the discovery of a publicly exposed Boeing server and the vulnerabilities found in the 787 core networking system. The speaker shares their methodology and findings, highlighting the lack of comparable level mitigations and the need for further investigation.
  • The speaker discovered a publicly exposed Boeing server containing interesting files
  • They were able to access the 787 core networking system and other components
  • The framework they accessed was block level and in production
  • The methodology involved limited access, reverse engineering, and analysis of documents and binaries
  • The 787 is a complex system with different functionalities and criticality levels
  • The common computing resource cabinet contains modules that run the core functionality of the aircraft
  • There are no comparable level mitigations in the binaries analyzed
  • The speaker questions the claims made by Boeing and Honeywell regarding the exploitability of the vulnerabilities found
  • Further investigation is needed to address the vulnerabilities and prevent potential attacks
The speaker compares the approach used by Honeywell to review the 787 network to hitting a laptop with a rock and causing the polarities to jump off. They also question the existence of a super secret system that can prevent exploitation of vulnerabilities on a commercial server. The speaker emphasizes the importance of sharing details to motivate investigation and prevent potential attacks.


In 2008 the FAA issued several Special Conditions for The Boeing 787 Dreamliner. There were serious safety and security concerns about the brand-new network design Boeing had implemented, which provided the Dreamliner with some "e-enabled" capabilities never seen before. This scenario raised some alarms in certain security circles that eventually faded out.10 years later, this talk will provide the first public analysis of the Boeing 787's Core Network, revealing previously unknown vulnerabilities that would allow an attacker to compromise the security of the original design. The talk will also elaborate on the additional implications of these security flaws.