https://www.csoonline.com/article/3451585/boeings-poor-information-security-posture-threatens-passenger-safety-national-security-researcher-s.html

By J.M. Porup
Senior Writer
CSO
November 5, 2019

Boeing's poor information security practices threaten aviation safety and
national security, security researcher Chris Kubecka told an audience at the
Aviation Cyber Security conference in London today.

Boeing test development networks are publicly exposed to the internet, Kubecka
said, and at least one of Boeing's email servers is infected with multiple
strains of malware. Kubecka believes that the infected email servers are being
used to exfiltrate sensitive intellectual property including code used in both
civilian passenger aircraft and aircraft Boeing sells to the US
military.

[Editor's note: This article has been updated to add comments from Boeing and
the FAA.]

Kubecka, a well-respected security researcher, critical infrastructure expert,
and Air Force veteran, tells CSO she has struggled to report what she calls
blatant, easily fixable security issues for more than six months. She also
alleges that Boeing, through back channels at DEF CON, threatened her with
legal action and a public relations smear campaign to prevent her from going
public. Kubecka declined to identify who made the threats, when and where they
were made, or how they might be associated with Boeing.

"If I saw a broken door on an aircraft, I would not get in trouble for
reporting to the FAA that the plane flew," Kubecka tells CSO. "But as a
security researcher, it's legally fraught to report security vulnerabilities."

[...]