Security researchers have discovered two vulnerabilities in wireless local area network devices commonly used on aircraft that could expose users to hacking.
Detailed Sept. 3 by Thomas Knudsen and Samy Younsi of Necrum Security Labs, the vulnerabilities were found in the FLEXLAN FXA2000 and FXA3000 series devices from CONTEC Co. Ltd., a Japanese electronics manufacturer. The vulnerabilities in the devices, mainly used in airplanes for Wi-Fi access, could allow an attacker to take over the devices.
The first vulnerability, named CVE-2022-36158, relates to a hidden system command page not listed in the Wireless LAN Manager interface that allows for executing Linux commands on the device with root privileges. With this access, the researchers gained access to all systems files and telnet access, giving them full control to the device.
The second vulnerability, CVE-2022-36159, involves weak hard-coded cryptographic keys and a backdoor account. A file on the devices was found to contain the hashed passwords of two users — root and user — that could be discovered in a brute-force attack. Although the owner can change the user password, the root account is reserved for CONTEC only, likely for maintenance purposes. With access to the root password, an attacker would have full access to the device.
The researchers recommend that the hidden engineering web page be removed from the devices in production because the default password is very weak. Further, they suggest that CONTEC generate a different password for each device during manufacturing.
In a security release, CONTEC said that there are “possibilities of data plagiarism, falsification and system destruction with malicious programs if this vulnerability was exploited by malicious attackers.” Firmware updates for both devices that address the vulnerabilities have been released.
“This vulnerability allows a hacker to set up a man-in-the-middle attack that can snoop on and modify users’ internet connections,” Paul Bischoff, privacy advocate with tech research company Comparitech Ltd., told SiliconANGLE. “Anyone using a plane’s compromised Wi-Fi could have their online activity spied on and potentially manipulated.”
Chris Hauk, consumer privacy champion at online privacy site Pixel Privacy, noted that manufacturers of devices like the Flexlan FX3000 and FX2000 need to work to provide reliable security for their device from the time they are first designed.
“This is especially true of devices such as the FX3000 and FX2000, where the end-user has no control over the device, making them unable to replace the device’s default password with a more secure password or to be able to run updates to fix security holes like this,” Hauk added.