Researchers Discover Vulnerabilities in Airplane Wi-Fi Devices

Security experts from Necrum Security Labs have identified two serious vulnerabilities in Flexlan FX3000 and FX2000 devices, which are commonly used to provide Wi-Fi on passenger airplanes. These devices are manufactured by the Japanese company Contec, which specializes in embedded devices, industrial automation, and IoT communication technologies.

Details of the Vulnerabilities

The first issue, CVE-2022-36158, involves a hidden web page that can be used to execute Linux commands on the device with root privileges. The device’s management interface does not contain a direct link to this hidden page. According to the researchers, “From this page, we gained access to all system files and were able to open a telnet port and obtain full access to the device.”

The second vulnerability, CVE-2022-36159, is essentially a backdoor. Researchers found a root user account with a hardcoded default password on the devices. They believe this account was originally intended for device maintenance. Although the password was stored as a hash, the experts were able to crack it easily. They warn that an attacker could use this account to gain complete control over the device.

Potential Risks and Attack Scenarios

While Contec advertises its Flexlan wireless LAN devices as ideal for use in distribution systems, factories, and offices, researchers note that these devices are often used on airplanes as Wi-Fi access points for passengers. The experts warn that the discovered vulnerabilities could be exploited by an ordinary passenger, as the vulnerable interface is accessible to anyone. An attacker could, for example, collect data from other passengers or infect their devices with malware.

“One possible scenario is an attacker spoofing HTTPS traffic by uploading their own certificate to the router, allowing them to view all requests in plain text. Another attack scenario could involve redirecting traffic to a malicious APK or iOS app to infect passengers’ phones,” the analysts explain.

Patches and Broader Impact

Contec has already released patches for the issues identified by Necrum Security Labs: firmware version 1.16.00 for the FX3000 series and 1.39.00 for the FX2000 series address the vulnerabilities. In its security bulletin, the company states that exploiting these bugs could have led to “data theft, falsification, and system disruption.”

It’s important to note that these problems are not limited to airplanes. For example, the Japanese medical electronics manufacturer Nihon Kohden recently warned its customers about these vulnerabilities. The company is currently investigating the potential impact of the discovered bugs on its products and systems.