A Boeing code leak exposes security flaws deep in a 787’s guts | Ars Technica


Savage points in particular to a vulnerability Santamarta highlighted in a version of the embedded operating system VxWorks, in this case customized for Boeing by Honeywell. Santamarta found that when an application asks to write to the underlying computer’s memory, the tailored operating system doesn’t properly check that it’s not instead overwriting the kernel, the most sensitive core of the operating system. Combined with several application-level bugs Santamarta found, that so-called parameter-check privilege escalation vulnerability represents a serious flaw, Savage argues, made more serious by the notion that VxWorks likely runs in many other components on the plane that might have the same bug.


“Every piece of software has bugs. But this is not where I’d like to find the bugs. Checking user parameters is security 101,” Savage says. “They shouldn’t have these kinds of straightforward vulnerabilities, especially in the kernel. In this day and age, it would be inconceivable for a consumer operating system to not check user pointer parameters, so I’d expect the same of an airplane.”

— Read on arstechnica.com/information-technology/2019/08/a-boeing-code-leak-exposes-security-flaws-deep-in-a-787s-guts/
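The missing check the article describes, a kernel write path that does not confirm the caller's destination lies outside kernel memory, sketched as an added example (not code from Boeing, Honeywell, VxWorks or Santamarta's research). The simulated address space, its layout and every function name are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simulated address space: array offsets stand in for
   addresses. The layout and all names are assumptions for illustration. */
#define MEM_SIZE   4096u
#define KERNEL_END 1024u   /* [0, KERNEL_END) is "kernel" memory */
static uint8_t mem[MEM_SIZE];

/* Overflow-safe test that [addr, addr+len) lies wholly in user memory. */
static int user_range_ok(uint32_t addr, uint32_t len) {
    if (addr < KERNEL_END || addr > MEM_SIZE)
        return 0;
    return len <= MEM_SIZE - addr;   /* never computes addr+len: no wrap */
}

/* "Before": trusts the caller's destination. Only the simulation bound is
   enforced, so the demo itself stays memory-safe. */
int sys_write_unchecked(uint32_t dst, const uint8_t *src, uint32_t len) {
    if (dst > MEM_SIZE || len > MEM_SIZE - dst)
        return -1;
    memcpy(&mem[dst], src, len);     /* may land in the kernel region */
    return 0;
}

/* "After": rejects any range that touches kernel memory. */
int sys_write_checked(uint32_t dst, const uint8_t *src, uint32_t len) {
    if (!user_range_ok(dst, len))
        return -1;
    memcpy(&mem[dst], src, len);
    return 0;
}

/* Returns 1 if any simulated kernel byte is non-zero. */
int kernel_corrupted(void) {
    for (uint32_t i = 0; i < KERNEL_END; i++)
        if (mem[i]) return 1;
    return 0;
}

int main(void) {
    const uint8_t data[8] = {1, 1, 1, 1, 1, 1, 1, 1};
    int rc = sys_write_checked(16, data, sizeof data);
    printf("checked:   rc=%d corrupted=%d\n", rc, kernel_corrupted());
    rc = sys_write_unchecked(16, data, sizeof data);
    printf("unchecked: rc=%d corrupted=%d\n", rc, kernel_corrupted());
    return 0;
}
```

The range test compares `len` against the space remaining above `addr` rather than adding the two, so an oversized length cannot wrap past the limit and pass.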
