Boeing’s Electronic Flight Bags And OPT Database Becomes Accessible To Attackers
Security gaps in older, unprotected Windows desktop versions of Boeing’s Onboard Performance Tool (OPT) could make certain Electronic Flight Bags (EFB) more susceptible to attack.
In particular, OPT’s use of plain text configuration files and SQLite databases means an attacker with physical access to an EFB could modify files directly on the device.
Boeing released OPT version 4.70 and issued a service bulletin to operators to enhance the application’s security features and minimize the potential for manipulating OPT data.
Pilot used OPT to calculate the landing and take-off speeds of certain Boeing aircraft. This is important to avoid running out of runway, optimize braking performance, and correctly calculate V speeds used in take-off.
Lack of database integrity checks
The SQLite database airport.sdb contains information on runway length, slope, NOTAM,s, and other information on airfields. OPT opens this database when selecting the ARPT option and shows the runway length available for landing and in diagrammatic form for take-off
This database contains, amongst other things, data relating to configuration deviation lists (CDL). The CDL manage acceptable defects on the aircraft and produce offsets in the V speeds for example if a piece was missing that increased drag, the take-off speed may need to be higher.
Boeing’s Exploitability
An attacker with physical access to EFBs, for example, cleaning or maintenance crews, or a removed EFB, left in a hotel room (evil maid) attack may have the ability to modify data that could have potential flight impacts.
This requires a rewrite of EFB. If the EFB were an iPad-type device (which many are) then exploitation would be difficult by a remote attacker targeting a specific device due to the sandboxing in place around the application itself.
If operators lock down devices using an MDM and disable USB access, this also makes physical tampering more difficult. Installed EFBs, historically referred to as Class 3 EFBs, are also protected physically and through airplane network segregation, making exploitation much more difficult.
Pilots should also have access to calculations so targeting a single device would make errors visible.