Information Security News mailing list archives
Boeing's poor information security posture threatens passenger safety, national security, researcher says
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 7 Nov 2019 08:19:26 +0000 (UTC)
https://www.csoonline.com/article/3451585/boeings-poor-information-security-posture-threatens-passenger-safety-national-security-researcher-s.html By J.M. Porup Senior Writer CSO November 5, 2019Boeing's poor information security practices threaten aviation safety and national security, security researcher Chris Kubecka told an audience at the Aviation Cyber Security conference in London today.
Boeing test development networks are publicly exposed to the internet, Kubecka said, and at least one of Boeing's email servers is infected with multiple strains of malware. Kubecka believes that the infected email servers are being used to exfiltrate sensitive intellectual property including code used in both civilian passenger aircraft as well as aircraft Boeing sells to the US military.
[Editor's note: This article has been updated to add comments from Boeing and the FAA.]
Kubecka, a well-respected security researcher, critical infrastructure expert, and Air Force veteran, tells CSO she has struggled to report what she calls blatant, easily fixable security issues for more than six months. She also alleges that Boeing, through back channels at DEF CON, threatened her with legal action and a public relations smear campaign to prevent her from going public. Kubecka declined to identify who made the threats, when and where they were made, or how they might be associated with Boeing.
"If I saw a broken door on an aircraft, I would not get in trouble for reporting to the FAA that the plane flew," Kubecka tells CSO. "But as a security researcher, it's legally fraught to report security vulnerabilities."
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Boeing's poor information security posture threatens passenger safety, national security, researcher says InfoSec News (Nov 07)