Two critical vulnerabilities have been found in wireless LAN devices that are reportedly used to provide internet connectivity in airplanes.
The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affect the Flexlan FX3000 and FX2000 series wireless LAN devices manufactured by Contec.
“After performing reverse engineering of the firmware, we discovered that a hidden page not listed in the Wireless LAN Manager interface makes it possible to execute Linux commands on the device with root privileges,” wrote the security researchers in an advisory, referring to the vulnerability tracked as CVE-2022-36158.
“From here, we had access to all the system files but were also able to open the telnet port and have full access to the device.”
Knudsen and Younsi also described a second vulnerability in the advisory (tracked as CVE-2022-36159), this one referring to the use of weak hard-coded cryptographic keys and backdoor accounts.
“During our investigation, we also found that the /etc/shadow file contains the hash of two users (root and user), which only took us a few minutes to recover by a brute-force attack,” Necrum Security Labs wrote.
According to the security experts, the issue here is that the device owner can only change the account user’s password from the web administration interface because the root account is reserved for Contec (probably for maintenance purposes).
“This means an attacker with the root hard-coded password can access all FXA2000 series and FXA3000 series devices,” explained Knudsen and Younsi.
To fix the first vulnerability, the researchers said the hidden engineering web page should be removed from the devices in production since the default password is very weak.
“This weak default password makes it very easy for any attacker to inject a backdoor on the device through this page,” wrote the security experts.
As for the second flaw, Necrum Security Labs said Contec should generate a different password for each device during the manufacturing process.
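One way to check firmware images for the shared-credential problem described above, as an added example that is not from the advisory or from Contec: the script flags login-capable accounts in `/etc/shadow` whose hash is weakly protected or identical across images taken from different units. The image names, the shadow contents and the set of schemes treated as weak are assumptions constructed for illustration; the page does not state which hash scheme the devices use.

```python
from collections import defaultdict

# crypt(3) scheme prefixes; a bare 13-character field is treated as legacy DES.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$2b$": "bcrypt", "$y$": "yescrypt"}
WEAK = {"empty", "descrypt", "md5crypt"}  # assumption: schemes this audit calls weak

# Constructed sample data (not real hashes): two units sharing one root entry.
_AGE = ":19000:0:99999:7:::\n"
_ROOT = "root:$1$CONSTRUC$AAAAAAAAAAAAAAAAAAAAAA" + _AGE
SAMPLE_IMAGES = {
    "unit-a.img": _ROOT + "user:$6$saltA$" + "a" * 86 + _AGE + "daemon:*" + _AGE,
    "unit-b.img": _ROOT + "user:$6$saltB$" + "b" * 86 + _AGE,
}

def parse_shadow(text):
    """Return {user: password_field} for accounts that can log in with a password."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[1].startswith(("!", "*")):
            continue  # malformed line, or locked / no-login account
        accounts[fields[0]] = fields[1]
    return accounts

def scheme_of(pw):
    """Classify a shadow password field by its crypt(3) scheme."""
    if pw == "":
        return "empty"
    for prefix, name in SCHEMES.items():
        if pw.startswith(prefix):
            return name
    return "descrypt" if len(pw) == 13 else "unknown"

def audit(images):
    """images: {image_name: shadow_text}. Returns sorted (image, user, finding)."""
    findings, seen = [], defaultdict(set)
    for name, text in images.items():
        for user, pw in parse_shadow(text).items():
            if scheme_of(pw) in WEAK:
                findings.append((name, user, "weak:" + scheme_of(pw)))
            seen[(user, pw)].add(name)
    for (user, pw), names in seen.items():
        if pw and len(names) > 1:  # same salt and hash on several units
            findings.extend((n, user, "shared-across-images") for n in names)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_IMAGES):
        print(*finding)
```

With per-device passwords generated at manufacturing time, the `shared-across-images` finding disappears because each unit carries a different salt and hash.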
These are hardly the first vulnerabilities discovered in wireless devices over the last few months. Last week, for instance, Rapid7 disclosed flaws in two TCP/IP-enabled medical devices produced by Baxter Healthcare, one of which was a WiFi Battery.
Some parts of this article are sourced from:
www.infosecurity-magazine.com