Security flaws exist in all kinds of software, and depending on the context, these drawbacks can represent all sorts of risk scenarios. A report by vulnerability testing experts mentions that Boeing Corporation has identified new issues affecting the software of the Boeing 737 MAX aircraft.
The new security flaw was discovered while an external company conducted a technical audit, a routine process in the development of this class of technology. The technical details behind this vulnerability are still unknown.
Boeing claims it is already in collaboration with the US Federal Aviation Administration’s vulnerability testing teams for the bug correction process.
Boeing had already released some documents relating to the early flight tests of the 737 MAX, during which pilots identified some problems with multiple control systems on the aircraft.
Since November 2019, Boeing ceased to be authorized to issue airworthiness certificates for 737 MAX aircraft, meaning that this aircraft was not in a position to operate safely under normal conditions.
According to vulnerability testing specialists at the International Institute of Cyber Security (IICS), Boeing suspended the operations of the 737 MAX after two accidents in the past year, which resulted in the deaths of 346 People. In addition, Dennis Meulenberg, the company’s director, was fired from his position.
However, the problems are not only for Boeing, as a few months ago it was reported that Comac, a state-controlled China aerospace company, would have conducted a complex corporate espionage campaign to access the most specific details about Boeing’s developments, both in terms of the design, control mechanisms and software of the U.S. company’s aircraft. Stolen intellectual property had been used in the development of C919, Comac’s most advanced aircraft.
If these reports are confirmed, the Chinese company could also face the occurrence of these safety failures, which not only compromise flight systems, but also expose huge risks to passengers and crew.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.