Two critical vulnerabilities have been discovered in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes.
The flaws were found by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affect the Flexlan FXA3000 and FXA2000 series wireless LAN devices made by Contec.
“After performing reverse engineering of the firmware, we found that a hidden page not listed in the Wireless LAN Manager interface makes it possible to execute Linux commands on the system with root privileges,” wrote the security researchers in an advisory, referring to the vulnerability tracked as CVE-2022-36158.
“From here, we had access to all the system files but were also able to open the telnet port and have full access to the device.”
Knudsen and Younsi also described a second vulnerability in the advisory (tracked as CVE-2022-36159), this one relating to the use of weak hard-coded cryptographic keys and backdoor accounts.
“During our investigation, we also found that the /etc/shadow file contains the hash of two users (root and user), which only took us a few minutes to recover by a brute-force attack,” Necrum Security Labs wrote.
According to the security experts, the issue here is that the device owner can only change the account user’s password from the web administration interface because the root account is reserved for Contec (likely for maintenance purposes).
“This means an attacker with the root hard-coded password can access all FXA2000 series and FXA3000 series devices,” explained Knudsen and Younsi.
To fix the first vulnerability, the researchers said the hidden engineering web page should be removed from devices in production, since the default password is very weak.
“This weak default password makes it very easy for any attacker to inject a backdoor on the device through this page,” wrote the security experts.
As for the second flaw, Necrum Security Labs said Contec should generate a different password for each device during the manufacturing process.
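A vendor or device owner can check for the second flaw by comparing the shadow files extracted from two units' firmware. The sketch below is an added example, not code from the advisory or from Contec: it flags login-capable accounts that use legacy hash schemes and accounts whose hash is identical across units. The sample entries are constructed placeholders and the names `UNIT_A`, `UNIT_B`, `parse_shadow`, `scheme` and `audit` are assumptions made for illustration.

```python
# Added example: audit shadow files pulled from firmware images of two units.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"descrypt", "md5crypt", "empty"}

# Constructed sample data: placeholder strings, not real password hashes.
UNIT_A = """root:$1$CONSTRUCT$AAAAAAAAAAAAAAAAAAAAAA:19000:0:99999:7:::
user:$6$saltA$BBBBBBBB:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::"""
UNIT_B = """root:$1$CONSTRUCT$AAAAAAAAAAAAAAAAAAAAAA:19000:0:99999:7:::
user:$6$saltB$CCCCCCCC:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::"""

def parse_shadow(text):
    """Return {user: hash_field} for every well-formed shadow line."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#"):
            entries[fields[0]] = fields[1]
    return entries

def scheme(h):
    """Classify the hash field by its crypt(3) prefix."""
    if h == "":
        return "empty"            # account can log in without a password
    if h[0] in "!*":
        return "locked"           # no password login possible
    if h.startswith("$"):
        return SCHEMES.get(h.split("$")[1], "unknown")
    return "descrypt" if len(h) == 13 else "unknown"

def audit(images):
    """images: {unit_name: shadow_text} -> list of (unit, user, finding)."""
    findings, seen = [], {}
    for unit, text in images.items():
        for user, h in parse_shadow(text).items():
            s = scheme(h)
            if s == "locked":
                continue
            if s in WEAK:
                findings.append((unit, user, "weak-scheme:" + s))
            if s != "empty" and (user, h) in seen:   # same credential on two units
                findings.append((unit, user, "shared-with:" + seen[(user, h)]))
            seen.setdefault((user, h), unit)
    return findings

if __name__ == "__main__":
    for finding in audit({"unit_a": UNIT_A, "unit_b": UNIT_B}):
        print(finding)
```

A `shared-with` finding on a privileged account means the credential is baked into the firmware image rather than provisioned per device, which is the condition the researchers' recommendation is meant to eliminate.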
These are hardly the first vulnerabilities discovered in wireless devices over the last few months. Last week, for instance, Rapid7 disclosed flaws in two TCP/IP-enabled medical devices made by Baxter Healthcare, one of which was a WiFi Battery.
Some parts of this article are sourced from:
www.infosecurity-magazine.com

