Hector Marco, a cybersecurity professor flying via a British Airways Boeing 777-36N has accidentally discovered a buffer overflow vulnerability (CVE-2019-9019) that can affect in-flight entertainment systems in the particular model, as well as other airplanes. According to the researcher’s report, the USB interface of the entertainment system allows devices to be charged and interacted with. This means that using a USB keyboard and mouse is possible, allowing the creation of buffer overflow or other memory error scenarios that can produce a DoS (Denial of Service) on specific applications like the chat app.
The chat application is actually the one that the researcher focused on while exploring the possible weaknesses out of boredom, experimenting with long messages and finding a way to crash it. Since the researcher managed to crash his own chat app, it is deduced that it would be fairly easy to do the same across all the entertainment systems of the passengers, by sending them very long messages. Since the USB port allows interaction with the system, it would be possible to write a piece of malicious code and automate the DoS process. The researcher has even recorded the following video, showcasing how this works.
The particular in-flight entertainment system is made by “Thales Group” and traded under the name “TopSeries i5000”. British Airways uses the specific system in at least 12 of their 777 aircraft, while other models such as the 787 Dreamliners, A321 and A380 are also equipped with the i5000. Other airlines that used the Thales TopSeries i5000 include Oman Air (at least 18 airplanes), Hong Kong Airlines (about 27 affected aircraft), and possibly more. This means that the vulnerability flies around the globe every day, and further investigation and security strengthening is clearly essential.
However, it is important to note that a malicious hacker cannot bring the plane down by exploiting the CVE-2019-9019. In-flight entertainment systems are isolated from the airplane’s flight systems, and there’s no way to perform privilege escalation through the chat, or any other app. So, this story is about the comfort of flight passengers who have to spend many hours during transatlantic flights, and not their safety. Even the video that acts as the proof-of-concept for the discovered vulnerability is very far from effective exploitation of the bug, and the execution of a widespread DoS attack. Still, further research and the implementation of a remedy to all possible vulnerabilities that are present on in-flight entertainment systems is absolutely essential.
Have you ever noticed something weird while fiddling with an in-flight entertainment system? Share your experience in the comments section below, and don’t hesitate to do the same on our socials, on Facebook and Twitter.