Tag Archive for: passenger’s
Vulnerabilities Found in Airplane WiFi Devices, Passengers’ Data Exposed
Two critical vulnerabilities were found in wireless LAN devices that are allegedly used to provide internet connectivity in airplanes.
The flaws were discovered by Thomas Knudsen and Samy Younsi of Necrum Security Labs and affected the Flexlan FX3000 and FX2000 series wireless LAN devices made by Contec.
“After performing reverse engineering of the firmware, we discovered that a hidden page not listed in the Wireless LAN Manager interface allows to execute Linux commands on the device with root privileges,” wrote the security researchers in an advisory, referring to the vulnerability tracked CVE–2022–36158.
“From here, we had access to all the system files but also be able to open the telnet port and have full access to the device.”
Knudsen and Younsi also described a second vulnerability in the advisory (tracked CVE–2022–36159), this one referring to the use of weak hard–coded cryptographic keys and backdoor accounts.
“During our investigation, we also found that the /etc/shadow file contains the hash of two users (root and user), which only took us a few minutes to recover by a brute–force attack,” Necrum Security Labs wrote.
According to the security experts, the issue here is that the device owner can only change the account user’s password from the web administration interface because the root account is reserved for Contec (probably for maintenance purposes).
“This means an attacker with the root hard–coded password can access all FXA2000 series and FXA3000 series devices,” explained Knudsen and Younsi.
To fix the first vulnerability, the researchers said the hidden engineering web page should be removed from the devices in production since the default password is very weak.
“This weak default password makes it very easy for any attacker to inject a backdoor on the device through this page,” wrote the security experts.
As for the second flaw, Necrum Security Labs said Contec should generate a different password for each device during the manufacturing process.
These are hardly the first vulnerabilities discovered in wireless devices over the last few months. Last week, for instance, Rapid7 disclosed flaws in two TCP/IP–enabled medical devices…
M’luru: Boy, girl chat on mobile regarding security– Passengers deplaned, flight checked
Daijiworld Media Network – Mangaluru (MS)
Mangaluru, Aug 14: A flight journey was cut short and all the passengers were alighted from the aircraft and the flight was intensely checked for any sabotage on Sunday, August 14, in the afternoon at the international airport here.
One of the passengers noticed a young boy and a girl chatting on the mobile. He got suspicious and brought this to the notice of the cabin crew. Immediately, all the passengers on board were deboarded and the whole flight was checked for any sabotage.
The girl was waiting for her flight to go to Bengaluru while the boy was ready to fly to Mumbai. Police sources said that both were friends and they spoke about the security just for fun.
Airport Passengers Exit Terminal 4 for ‘Security Incident’ – NBC New York
Amid one of the busiest travel weekends in the country, the largest terminal at New York’s John F. Kennedy Airport experienced a “security incident” on Sunday that prompted a partial evacuation.
The first signs of trouble at the airport began surfacing on social media shortly before 11 a.m. as passengers were ushered out of Terminal 4.
A spokesperson for the Port Authority said passengers were cleared from the departures area of the terminal while the bomb squad investigated an unattended bag.
The arrival and departure levels of Terminal 4 were briefly closed to all inbound traffic due to the investigation.
Bomb squad investigators and K-9 teams deemed the unattended luggage safe and airport operations were resumed around 12 p.m.
The bag contained a common household product K-9s are trained to detect, a law enforcement source told News 4.
The impact of the over hour-long shutdown was expected to cause delays at the terminal as the holiday weekend rush continued.