The presentation discusses the discovery of a publicly exposed Boeing server and the vulnerabilities found in the 787 core networking system. The speaker shares their methodology and findings, highlighting the lack of comparable level mitigations and the need for further investigation.
- The speaker discovered a publicly exposed Boeing server containing interesting files
- They were able to access the 787 core networking system and other components
- The framework they accessed was block level and in production
- The methodology involved limited access, reverse engineering, and analysis of documents and binaries
- The 787 is a complex system with different functionalities and criticality levels
- The common computing resource cabinet contains modules that run the core functionality of the aircraft
- There are no comparable level mitigations in the binaries analyzed
- The speaker questions the claims made by Boeing and Honeywell regarding the exploitability of the vulnerabilities found
- Further investigation is needed to address the vulnerabilities and prevent potential attacks
The speaker compares the approach used by Honeywell to review the 787 network to hitting a laptop with a rock and causing the polarities to jump off. They also question the existence of a super secret system that can prevent exploitation of vulnerabilities on a commercial server. The speaker emphasizes the importance of sharing details to motivate investigation and prevent potential attacks.