Vulnerabilities In Airline WiFi Devices Expose Passenger Data

Uploaded on 2022-10-11 in FREE TO VIEW, BUSINESS-Services-Transport & Travel

Two critical vulnerabilities have been detected in wireless devices LAN devices used in airline planes to provide Internet connectivity to passengers while in-flight. The faults were discovered by a pair of researchers at Necrum Security Labs.

The security researchers found that a hidden page not listed in the Wireless LAN manager allow attackers to execute Linux commands on the device with root privileges. The vulnerability is tracked as CVE-2022-36158. And a threat exists to other passengers or anyone connected to the WiFi network created on the vulnerable devices.

The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec a Japan-based company that specialises in embedded computing, industrial automation, and IoT communication technology. "After performing reverse engineering of the firmware, we discovered that a hidden page not listed in the Wireless LAN Manager interface allows to execute Linux commands on the device with root privileges," wrote the security researchers in a statement referring to the vulnerability tracked CVE–2022–36158. "From here, we had access to all the system files but also be able to open the telnet port and have full access to the device."

The security researchers also found that one file contains the hash of two users, which the attackers were able to recover in just minutes via a brute-force attack.

The issue is that the device owner can only change the account user’s password from the web administration interface as the root account is reserved for Contec. Meaning that individuals who use WiFi on their devices while inflight could be vulnerable to the attack.

As for the second flaw, Necrum Security Labs said Contec should generate a different password for each device during the manufacturing process. 

These are hardly the first vulnerabilities discovered in wireless devices over the last few months. Recently, Rapid7 disclosed flaws in two medical devices produced by Baxter Healthcare, one of which was a WiFi Battery.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory describing vulnerabilities in a Contec medical device, but it has not released an advisory for the Flexlan issues. The affected devices are not used only in airplanes. Nihon Kohden, a Japanese manufacturer of medical electronic equipment, issued a statement recently to inform customers about these vulnerabilities, saying that it’s investigating the impact on its products and systems.

The researchers suggested removing the hidden engineering webpage from the devices in manufacturing to address the first vulnerability because the default password is so vulnerable. Experts say this weak default password makes it easy for attackers to inject a backdoor because of this URL.

Samy Younsi:    Nikon Kohden:  Spiceworks:    Infosecurity Magazine:     Oodaloop:    ITSecurity:    Cyber Daily:

You Might Also Read: 

In Britain 'Cyberflashing’ Is Now A Crime:

 

« Microsoft Warning - Windows Flaw Being Attacked
Hackers Have Exploited The Queen’s Death »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Alliance for Cyber Security (ACS)

Alliance for Cyber Security (ACS)

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.