{"id":25673,"date":"2022-08-13T11:22:19","date_gmt":"2022-08-13T05:52:19","guid":{"rendered":"https:\/\/aviationa2z.com\/?p=25673"},"modified":"2022-08-13T11:22:21","modified_gmt":"2022-08-13T05:52:21","slug":"breaking-pen-test-partners-fix-the-digital-vulnerability-on-boeing-aircraft-system-that-could-be-hacked-exclusive","status":"publish","type":"post","link":"https:\/\/aviationa2z.com\/index.php\/2022\/08\/13\/breaking-pen-test-partners-fix-the-digital-vulnerability-on-boeing-aircraft-system-that-could-be-hacked-exclusive\/","title":{"rendered":"BREAKING: Pen Test Partners fix the digital vulnerability on Boeing aircraft system that could be hacked | Exclusive"},"content":{"rendered":"\n<p><strong>Las Vegas, 13 Aug,<\/strong> A Cybersecurity solution provider <a href=\"https:\/\/www.pentestpartners.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Pen Test Partners <\/a>have fixed the digital vulnerability on the Boeing aircraft computer system that could allow the hackers to run a malicious code, modify data and cause pilots to make dangerous miscalculations.<\/p>\n\n\n\n<p>The security gaps in the older version of Boeing&#8221;s <strong>Onboard performance tool<\/strong> could make it susceptible to attack by Hackers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-digital-vulnerability-on-boeing-planes-that-could-be-hacked-is-fixed\">Digital Vulnerability on Boeing planes that could be hacked is Fixed<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited.jpg\" alt=\"Boeing-737-max\" class=\"wp-image-25677\" width=\"1165\" height=\"655\" srcset=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited.jpg 1024w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited-600x338.jpg 600w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited-300x169.jpg 300w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited-768x432.jpg 768w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/34200606531_dabce79cf5_b-edited-750x422.jpg 750w\" sizes=\"(max-width: 1165px) 100vw, 1165px\" \/><figcaption>Boeing-737-max<\/figcaption><\/figure>\n\n\n\n<p>Older versions of a digital tool used to calculate<strong> landing and takeoff speeds on some aircraft<\/strong> could be tampered with by hackers with direct access to an \u201c<strong>Electronic Flight Bag<\/strong>,\u201d or EFB, a tablet device used by pilots to plan flights, Pan test partners said in a report.<\/p>\n\n\n\n<p>While the likelihood of exploiting such gaps is low given existing regulations governing the use and employment of EFBs and Crew Resource Management procedures. Still, if data modification occurs, and the resulting miscalculations are not detected during the crew\u2019s required cross-check or verification process, an aircraft could land on a runway too short or take off at incorrect speeds potentially resulting in a tail strike or runway excursion.<\/p>\n\n\n\n<p>Boeing has<strong> released a new software update and SBs to operators<\/strong> to enhance the security features. It is crucial that operators employing EFB solutions implement physical access control.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is OTP?<\/h2>\n\n\n\n<p><strong>Onboard Performance Tool<\/strong> or OTP is used by pilots to calculate the landing and takeoff speed of certain Boeing planes.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"790\" height=\"611\" src=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57.png\" alt=\"Pen Test Partners fix the digital vulnerability on Boeing aircraft system that could be hacked \" class=\"wp-image-25676\" srcset=\"https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57.png 790w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57-600x464.png 600w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57-300x232.png 300w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57-768x594.png 768w, https:\/\/aviationa2z.com\/wp-content\/uploads\/2022\/08\/image-57-750x580.png 750w\" sizes=\"(max-width: 790px) 100vw, 790px\" \/><figcaption>Image Credits To Pen Test Partners<\/figcaption><\/figure>\n\n\n\n<p>This tool is <strong>Very critical<\/strong> as it helps pilots avoid running out of runway, optimize braking, and to calculate V speeds during Takeoff.<\/p>\n\n\n\n<p>OPT is deployed to a pilot\u2019s electronic flight bag and receives<strong> regular updates<\/strong> to its airport database.<\/p>\n\n\n\n<p>Details about airfields, their runways, obstacles, and other performance calculation factors (like engine type) are stored in <strong>SQLite databases <\/strong>alongside the OPT application. <strong>Aircraft operators<\/strong> can take a feed from Boeing directly, or in some cases generate their own databases with custom software.<\/p>\n\n\n\n<p>OPT itself is commonly found on<strong> iPad-style devices <\/strong>but we have seen OPT in use on ruggedized Windows laptops and tablets as well.<\/p>\n\n\n\n<p>To learn more in-depth about the software vulnerability in Boeing planes check this post by <a href=\"https:\/\/www.pentestpartners.com\/security-blog\/database-integrity-vulnerabilities-in-boeings-onboard-performance-tool\/\" target=\"_blank\" rel=\"noreferrer noopener\">Pen partners.<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Boeing statement over Vulnerability<\/h2>\n\n\n\n<p>They have thanked Pen test Partners for their solutions and stated,<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><em>Boeing would like to thank Pen Test Partners for their research, professionalism and collaboration. we welcomes future engagement by PTP and other security researchers, and is committed to evaluating any original findings when disclosures are conducted and shared in a responsible and coordinated manner. our company encourages security researchers or others in the community who have identified security issues to utilize Boeing\u2019s VDP.<\/em><\/p><cite>Boeing ststement<\/cite><\/blockquote>\n\n\n\n<p>It&#8217;s better to be safe than sorry, Boeing software updates can save millions of lives. such software glitches are addressed way before they can become a threat.<\/p>\n\n\n\n<p>Also Read, <a href=\"https:\/\/aviationa2z.com\/index.php\/2022\/08\/11\/tata-air-india-new-ceo-visits-airworks-facilities-for-the-first-time-exclusive\/\">TATA Air India New CEO visits AirWorks facilities for the First Time | Exclusive &#8211; Aviation A2Z<\/a><\/p>\n\n\n\n<p>Check out, <a href=\"https:\/\/aviationa2z.com\/index.php\/2022\/08\/12\/shortage-of-pilots-airline-and-airport-staff-globally-exclusive\/\">Shortage of Pilots, airline, and airport staff globally | Exclusive &#8211; Aviation A2Z<\/a><\/p>\n\n\n\n<p>Join Our&nbsp;<strong>Telegram Group<\/strong>&nbsp;for Latest Aviation Updates:-<a href=\"https:\/\/t.me\/aviationa2z\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/t.me\/aviationa2z<\/a><\/p>\n\n\n\n<p>Stay connected with&nbsp;<strong>Aviation A2Z!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pen Test Partners have fixed the digital vulnerability on the Boeing aircraft systems that could allow the hackers to run malicious code.<\/p>\n","protected":false},"author":1,"featured_media":25674,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[399,6761],"tags":[3016,392,79,2030,248,7122,7119,7123,7121,7124,81,7120],"class_list":{"0":"post-25673","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-featured","8":"category-news","9":"tag-aerospace-industry","10":"tag-airlines-news","11":"tag-aviation","12":"tag-aviation-a2z-news","13":"tag-boeing","14":"tag-boeing-digital","15":"tag-boeing-digital-vulnerability","16":"tag-boeing-sbs","17":"tag-boeing-software-hack","18":"tag-digital-vulnerability-on-boeing-aircraft-system","19":"tag-latest-aviation-news","20":"tag-pen-test-partners-boeing"},"_links":{"self":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/25673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/comments?post=25673"}],"version-history":[{"count":2,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/25673\/revisions"}],"predecessor-version":[{"id":25678,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/posts\/25673\/revisions\/25678"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/media\/25674"}],"wp:attachment":[{"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/media?parent=25673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/categories?post=25673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aviationa2z.com\/index.php\/wp-json\/wp\/v2\/tags?post=25673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}