CVE-2019-9019: British Airways Entertainment System Vulnerable

There’s hardly a day without a new vulnerability. CVE-2019-9019 is a security flaw in the British Airways Entertainment System that affects the Boeing 777-36N(ER) and perhaps other aircraft, too. It is a privilege escalation vulnerability located in the USB Handler component.




CVE-2019-9019 Technical Overview

Here is the official description of CVE-2019-9019:

The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.

As already mentioned, the vulnerable entertainment system is installed on the Boeing 777-36N(ER), but other models may be affected as well. The attack is carried out locally, and exploitation requires no form of authentication. At the moment, neither technical details nor an exploit are publicly available, security researchers say.
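The official description says the USB charging/data-transfer feature does not prevent interaction with keyboard and mouse devices. As an added example (not code from British Airways, the system's vendor or the original article), the Python below shows the kind of check that description says is absent: it parses a USB configuration descriptor and denies any device that exposes an interface class outside an allowlist. The storage-only policy, the function names and the sample descriptors are assumptions constructed for this example.

```python
import struct

# USB-IF codes: descriptor type 0x04 = interface; class 0x03 = HID, 0x08 = mass storage.
DESC_INTERFACE = 0x04
CLASS_HID = 0x03
CLASS_MASS_STORAGE = 0x08
# Assumed policy for a passenger media port: storage only, everything else denied.
ALLOWED_INTERFACE_CLASSES = {CLASS_MASS_STORAGE}
# bInterfaceProtocol values defined for HID boot-subclass devices.
HID_BOOT_PROTOCOLS = {1: "keyboard", 2: "mouse"}

def interfaces(config):
    """Yield (class, subclass, protocol) for every interface descriptor."""
    offset = 0
    while offset < len(config):
        length = config[offset]
        if length < 2 or offset + length > len(config):
            raise ValueError("malformed descriptor at offset %d" % offset)
        if config[offset + 1] == DESC_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            yield tuple(config[offset + 5:offset + 8])
        offset += length

def evaluate(config):
    """Return (allowed, reasons); fail closed on malformed or empty input."""
    try:
        found = list(interfaces(config))
    except ValueError as exc:
        return False, [str(exc)]
    if not found:
        return False, ["no interface descriptors"]
    reasons = []
    for cls, _sub, proto in found:
        if cls in ALLOWED_INTERFACE_CLASSES:
            continue
        label = ("HID " + HID_BOOT_PROTOCOLS.get(proto, "device")) if cls == CLASS_HID else "class 0x%02x" % cls
        reasons.append(label + " interface not allowed")
    return not reasons, reasons

def _sample(*ifaces):
    """Build a constructed configuration descriptor (endpoint descriptors omitted)."""
    body = b"".join(bytes([9, DESC_INTERFACE, n, 0, 0, c, s, p, 0]) for n, (c, s, p) in enumerate(ifaces))
    return struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), len(ifaces), 1, 0, 0x80, 50) + body

FLASH_DRIVE = _sample((0x08, 0x06, 0x50))                    # constructed: storage only
KEYBOARD = _sample((0x03, 0x01, 0x01))                       # constructed: boot keyboard
COMPOSITE = _sample((0x08, 0x06, 0x50), (0x03, 0x01, 0x02))  # constructed: storage + mouse
```

The composite case matters because a device can present a permitted storage interface alongside a HID interface, so the decision is made over every interface rather than the first one.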


The current price for an exploit is estimated at around $5k-$25k (estimate calculated on 02/23/2019). The CVE-2019-9019 vulnerability is described as having a historic impact due to its background and reception.

There is no information about possible countermeasures so far, so a good idea may be to replace the affected system with an alternative product.

It’s important to note that entertainment systems are crucial components in aviation, and they could be used as entry points for attackers in various scenarios. This is not the first time vulnerabilities affecting aircraft have been discovered. A couple of years ago, a security researcher uncovered vulnerabilities in Panasonic Avionics in-flight entertainment (IFE) systems.


The IFE systems are used by many airlines including United Airlines, American Airlines, Virgin Atlantic, and Air France. The vulnerabilities could allow attackers to control what passengers see and hear on their in-flight display.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
