Boeing's poor information security posture threatens passenger safety, national security, researcher says

[InfoSec News <alerts () infosecnews org>]

https://www.csoonline.com/article/3451585/boeings-poor-information-security-posture-threatens-passenger-safety-national-security-researcher-s.html

By J.M. Porup
Senior Writer
CSO
November 5, 2019

Boeing's poor information security practices threaten aviation safety and 
national security, security researcher Chris Kubecka told an audience at the 
Aviation Cyber Security conference in London today.

Boeing test development networks are publicly exposed to the internet, Kubecka 
said, and at least one of Boeing's email servers is infected with multiple 
strains of malware. Kubecka believes that the infected email servers are being 
used to exfiltrate sensitive intellectual property including code used in both 
civilian passenger aircraft as well as aircraft Boeing sells to the US 
military.

[Editor's note: This article has been updated to add comments from Boeing and 
the FAA.]

Kubecka, a well-respected security researcher, critical infrastructure expert, 
and Air Force veteran, tells CSO she has struggled to report what she calls 
blatant, easily fixable security issues for more than six months. She also 
alleges that Boeing, through back channels at DEF CON, threatened her with 
legal action and a public relations smear campaign to prevent her from going 
public. Kubecka declined to identify who made the threats, when and where they 
were made, or how they might be associated with Boeing.

"If I saw a broken door on an aircraft, I would not get in trouble for 
reporting to the FAA that the plane flew," Kubecka tells CSO. "But as a 
security researcher, it's legally fraught to report security vulnerabilities."

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_